Merge branch 'openwrt:master' into master

Hayzam Sherif 2023-11-01 01:02:01 +04:00 committed by GitHub
commit b925356f46
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
85 changed files with 1768 additions and 434 deletions


@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zabbix
PKG_VERSION:=6.2.3
PKG_RELEASE:=3
PKG_VERSION:=6.4.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/$(basename $(PKG_VERSION))/ \
https://cdn.zabbix.com/zabbix/sources/oldstable/$(basename $(PKG_VERSION))/
PKG_HASH:=2be7e57fb33a55fee71480598e317ffa6a8ee5a39639a7e1b42b2ea6872107b5
PKG_HASH:=6b4e81f07de4c82c7994871bea51be4d6427683fa9a7fbe112fd7559b3670e49
PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
PKG_LICENSE:=GPL-2.0
@ -57,7 +57,7 @@ define Package/zabbix/Default
TITLE:=Zabbix
URL:=https://www.zabbix.com/
USERID:=zabbix=53:zabbix=53
DEPENDS+=$(ICONV_DEPENDS) +libpcre +zlib
DEPENDS+=$(ICONV_DEPENDS) +libpcre2 +zlib
endef
define Package/zabbix-agentd
@ -157,6 +157,7 @@ define Package/zabbix-server/Default
+ZABBIX_MYSQL:libmariadbclient \
@(!ZABBIX_SQLITE) \
+libevent2 \
+libevent2-pthreads \
+fping
endef
@ -209,6 +210,7 @@ define Package/zabbix-proxy/Default
+ZABBIX_MYSQL:libmariadbclient \
+ZABBIX_SQLITE:libsqlite3 \
+libevent2 \
+libevent2-pthreads \
+fping
endef
@ -262,8 +264,8 @@ CONFIGURE_ARGS+= \
$(if $(CONFIG_ZABBIX_MYSQL),--with-mysql) \
$(if $(CONFIG_ZABBIX_POSTGRESQL),--with-postgresql) \
$(if $(CONFIG_ZABBIX_SQLITE),--with-sqlite3=$(STAGING_DIR)/usr) \
--with-libevent=$(STAGING_DIR)/usr/include/libevent \
--with-libpcre=$(STAGING_DIR)/usr/include \
--with-libevent=$(STAGING_DIR)/usr/include \
--with-libpcre2=$(STAGING_DIR)/usr/include \
--with-zlib=$(STAGING_DIR)/usr/include
ifeq ($(BUILD_VARIANT),openssl)


@ -1,6 +1,6 @@
--- a/src/libs/zbxcommon/str.c
+++ b/src/libs/zbxcommon/str.c
@@ -49,7 +49,7 @@ static const char help_message_footer[]
--- a/src/libs/zbxcommon/misc.c
+++ b/src/libs/zbxcommon/misc.c
@@ -329,7 +329,7 @@ void zbx_help(void)
void zbx_version(void)
{
printf("%s (Zabbix) %s\n", title_message, ZABBIX_VERSION);


@ -8,9 +8,9 @@ include $(TOPDIR)/rules.mk
PECL_NAME:=pecl_http
PECL_LONGNAME:=Extended HTTP Support
PKG_VERSION:=4.2.3
PKG_RELEASE:=2
PKG_HASH:=fa2ab558fc8f0928a10f35c0f566f7c4a1d32e727bd3a96579e4c28482ee9d6a
PKG_VERSION:=4.2.4
PKG_RELEASE:=1
PKG_HASH:=fb1e10c2e5edfb011ff8dc2e473cdbd2bbe0127d1279dfce4d98570555ac6ded
PKG_NAME:=php8-pecl-http
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz


@ -8,9 +8,9 @@ include $(TOPDIR)/rules.mk
PECL_NAME:=redis
PECL_LONGNAME:=PHP extension for interfacing with Redis
PKG_VERSION:=6.0.1
PKG_VERSION:=6.0.2
PKG_RELEASE:=1
PKG_HASH:=d39136e0ef9495f8e775ef7349a97658fb41c526d12d8e517f56274f149e1e4e
PKG_HASH:=01aeccb0e14f897fe56f0509be6e6991ff0ad459f9d34e95e4556d02699b9a03
PKG_NAME:=php8-pecl-redis
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz


@ -8,9 +8,9 @@ include $(TOPDIR)/rules.mk
PECL_NAME:=xdebug
PECL_LONGNAME:=Xdebug extension
PKG_VERSION:=3.2.1
PKG_VERSION:=3.2.2
PKG_RELEASE:=1
PKG_HASH:=ef4cb3c228192798874e4530cccceee76840cc80821909740088a1e1a8f00445
PKG_HASH:=f48777371f90cbb315ea4ea082a1ede6765bcfb35d7d6356ab8f71fd6dfcc157
PKG_NAME:=php8-pecl-xdebug
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz


@ -8,11 +8,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=python-pip
PKG_VERSION:=23.2.1
PKG_VERSION:=23.3.1
PKG_RELEASE:=1
PYPI_NAME:=pip
PKG_HASH:=fb0bd5435b3200c602b5bf61d2d43c2f13c02e29c1707567ae7fbc514eb9faf2
PKG_HASH:=1fcaa041308d01f14575f6d0d2ea4b75a3e2871fe4f9c694976f908768e14174
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE.txt


@ -1,13 +1,19 @@
--- a/src/pip/_vendor/pyproject_hooks/_in_process/__init__.py
+++ b/src/pip/_vendor/pyproject_hooks/_in_process/__init__.py
@@ -11,8 +11,8 @@ try:
@@ -11,8 +11,14 @@ try:
except AttributeError:
# Python 3.8 compatibility
def _in_proc_script_path():
- return resources.path(__package__, '_in_process.py')
+ return resources.path(__package__, '_in_process.pyc')
+ filename = '_in_process.pyc'
+ if resources.is_resource(__package__, '_in_process.py'):
+ filename = '_in_process.py'
+ return resources.path(__package__, filename)
else:
def _in_proc_script_path():
+ filename = '_in_process.pyc'
+ if resources.files(__package__).joinpath('_in_process.py').is_file():
+ filename = '_in_process.py'
return resources.as_file(
- resources.files(__package__).joinpath('_in_process.py'))
+ resources.files(__package__).joinpath('_in_process.pyc'))
+ resources.files(__package__).joinpath(filename))
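Review bot: This patch file carries no description header, so nothing records why `_in_process.pyc` is the default and `_in_process.py` only a fallback when present; the file starts directly at `--- a/src/pip/_vendor/pyproject_hooks/_in_process/__init__.py`. I would add a short From/Subject header plus two sentences saying that the source file is preferred when it exists and the compiled file is used otherwise, presumably because the packaged pip may ship bytecode only. Neither branch handles the case where both files are missing, so the caller would likely fail later with a less direct error; a comment noting that would help the next person refreshing the patch. The same applies to the `__pip-runner__` patch for `src/pip/_internal/build_env.py`.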


@ -1,11 +1,15 @@
--- a/src/pip/_internal/build_env.py
+++ b/src/pip/_internal/build_env.py
@@ -54,7 +54,7 @@ def get_runnable_pip() -> str:
@@ -54,7 +54,11 @@ def get_runnable_pip() -> str:
# case, we can use that directly.
return str(source)
- return os.fsdecode(source / "__pip-runner__.py")
+ return os.fsdecode(source / "__pip-runner__.pyc")
+ filename = "__pip-runner__.pyc"
+ py = source / "__pip-runner__.py"
+ if py.is_file():
+ filename = "__pip-runner__.py"
+ return os.fsdecode(source / filename)
def _get_system_sitepackages() -> Set[str]:


@ -9,7 +9,7 @@ Patch-Name: disable-pip-version-check.patch
--- a/src/pip/_internal/cli/cmdoptions.py
+++ b/src/pip/_internal/cli/cmdoptions.py
@@ -892,7 +892,7 @@ disable_pip_version_check: Callable[...,
@@ -895,7 +895,7 @@ disable_pip_version_check: Callable[...,
"--disable-pip-version-check",
dest="disable_pip_version_check",
action="store_true",


@ -12,7 +12,7 @@ PYTHON3_VERSION_MICRO:=6
PYTHON3_VERSION:=$(PYTHON3_VERSION_MAJOR).$(PYTHON3_VERSION_MINOR)
PYTHON3_SETUPTOOLS_PKG_RELEASE:=1
PYTHON3_SETUPTOOLS_PKG_RELEASE:=2
PYTHON3_PIP_PKG_RELEASE:=1
PYTHON3_SETUPTOOLS_VERSION:=65.5.0


@ -0,0 +1,38 @@
From e359a7a3c4f9e70360a068bef19c95938fdacede Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Date: Wed, 23 Dec 2015 11:33:14 +0100
Subject: [PATCH] Adjust library/header paths for cross-compilation
When cross-compiling third-party extensions, the get_python_inc() or
get_python_lib() can be called, to return the path to headers or
libraries. However, they use the sys.prefix of the host Python, which
returns incorrect paths when cross-compiling (paths pointing to host
headers and libraries).
In order to fix this, we introduce the _python_sysroot, _python_prefix
and _python_exec_prefix variables, that allow to override these
values, and get correct header/library paths when cross-compiling
third-party Python modules.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[adapt for setuptools, rename environment variable, use fixed lib path]
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
---
Lib/distutils/command/build_ext.py | 5 ++++-
Lib/sysconfig.py | 15 +++++++++++----
2 files changed, 15 insertions(+), 5 deletions(-)
--- a/setuptools/_distutils/command/build_ext.py
+++ b/setuptools/_distutils/command/build_ext.py
@@ -238,7 +238,10 @@ class build_ext(Command):
if sysconfig.get_config_var('Py_ENABLE_SHARED'):
if not sysconfig.python_build:
# building third party extensions
- self.library_dirs.append(sysconfig.get_config_var('LIBDIR'))
+ libdir = sysconfig.get_config_var('LIBDIR')
+ if 'STAGING_DIR' in os.environ:
+ libdir = os.environ.get('STAGING_DIR') + '/usr/lib'
+ self.library_dirs.append(libdir)
else:
# building python standard extensions
self.library_dirs.append('.')
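Review bot: The added check `if 'STAGING_DIR' in os.environ:` is also true when the variable is set but empty, and `libdir` then becomes `/usr/lib`, the host library directory this patch is meant to keep out of a cross build. Testing the value closes that gap: `staging = os.environ.get('STAGING_DIR')` followed by `if staging: libdir = os.path.join(staging, 'usr', 'lib')`. The patch header is also stale: its diffstat lists `Lib/distutils/command/build_ext.py` and `Lib/sysconfig.py`, and the description talks about `_python_sysroot`, `_python_prefix` and `_python_exec_prefix`, while the only hunk shown touches `setuptools/_distutils/command/build_ext.py` and reads `STAGING_DIR`. The enclosing method starts and ends outside the hunk.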


@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=rust
PKG_VERSION:=1.73.0
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=rustc-$(PKG_VERSION)-src.tar.gz
PKG_SOURCE_URL:=https://static.rust-lang.org/dist/
@ -18,6 +18,7 @@ PKG_LICENSE:=Apache-2.0 MIT
PKG_LICENSE_FILES:=LICENSE-APACHE LICENSE-MIT
PKG_HOST_ONLY:=1
PKG_BUILD_FLAGS:=no-mips16
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/package.mk
@ -86,6 +87,7 @@ endef
define Host/Compile
$(RUST_SCCACHE_VARS) \
CARGO_HOME=$(CARGO_HOME) \
TARGET_CFLAGS="$(TARGET_CFLAGS)" \
OPENWRT_RUSTC_BOOTSTRAP_CACHE=$(DL_DIR)/rustc \
$(PYTHON) $(HOST_BUILD_DIR)/x.py \
--build-dir $(HOST_BUILD_DIR)/build \


@ -11,7 +11,22 @@
os.makedirs(rustc_cache)
--- a/src/bootstrap/download.rs
+++ b/src/bootstrap/download.rs
@@ -520,7 +520,10 @@ impl Config {
@@ -202,7 +202,13 @@ impl Config {
Some(other) => panic!("unsupported protocol {other} in {url}"),
None => panic!("no protocol in {url}"),
}
- t!(std::fs::rename(&tempfile, dest_path));
+ match std::fs::rename(&tempfile, dest_path) {
+ Ok(v) => v,
+ Err(_) => {
+ t!(std::fs::copy(&tempfile, dest_path));
+ t!(std::fs::remove_file(&tempfile));
+ }
+ }
}
fn download_http_with_retries(&self, tempfile: &Path, url: &str, help_on_error: &str) {
@@ -520,7 +526,10 @@ impl Config {
key: &str,
destination: &str,
) {
@ -23,7 +38,7 @@
let cache_dir = cache_dst.join(key);
if !cache_dir.exists() {
t!(fs::create_dir_all(&cache_dir));
@@ -647,7 +650,10 @@ download-rustc = false
@@ -647,7 +656,10 @@ download-rustc = false
let llvm_assertions = self.llvm_assertions;
let cache_prefix = format!("llvm-{llvm_sha}-{llvm_assertions}");
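Review bot: The fallback added in the `@@ -202,7 +202,13 @@` hunk writes the download into place non-atomically, because `std::fs::copy(&tempfile, dest_path)` creates `dest_path` under its final name before the data is complete; an interrupted build or a second job sharing the cache directory can then see a truncated file there. Staging the copy next to the destination keeps the last step a rename, for example `let staged = dest_path.with_extension("partial");`, `t!(std::fs::copy(&tempfile, &staged));`, `t!(std::fs::rename(&staged, dest_path));` (this assumes `dest_path` is a `Path`, which the hunk does not show). `Err(_)` also discards the reason the rename failed, so a permission or missing-directory error is retried as a copy and surfaces as a copy failure; a comment naming the cross-filesystem case this is meant for would make the intent clear. Whether the cached file is hash-checked again before use is not visible here, and the enclosing function starts outside the hunk.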


@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=efivar
PKG_VERSION:=38
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/rhboot/efivar/releases/download/$(PKG_VERSION)
@ -25,7 +25,7 @@ define Package/efivar
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Tools and libraries to work with EFI variables
DEPENDS:=@TARGET_x86_64
DEPENDS:=@(TARGET_x86_64||TARGET_armsr_armv8)
URL:=https://github.com/rhboot/efibootmgr
endef


@ -0,0 +1,32 @@
From ca48d3964d26f5e3b38d73655f19b1836b16bd2d Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex@linutronix.de>
Date: Tue, 18 Jan 2022 11:53:41 +0100
Subject: [PATCH] src/Makefile: build util.c separately for makeguids
util.c needs to be built twice when cross-compiling:
for the build machine to be able to link with
makeguids which then runs during the same build,
and then for the actual target.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
src/Makefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/src/Makefile
+++ b/src/Makefile
@@ -28,10 +28,13 @@ EFIVAR_OBJECTS = $(patsubst %.S,%.o,$(pa
EFISECDB_SOURCES = efisecdb.c guid-symbols.c secdb-dump.c util.c
EFISECDB_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(EFISECDB_SOURCES)))
GENERATED_SOURCES = include/efivar/efivar-guids.h guid-symbols.c
-MAKEGUIDS_SOURCES = makeguids.c util.c
+MAKEGUIDS_SOURCES = makeguids.c util-makeguids.c
MAKEGUIDS_OBJECTS = $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(MAKEGUIDS_SOURCES)))
MAKEGUIDS_OUTPUT = $(GENERATED_SOURCES) guids.lds
+util-makeguids.c : util.c
+ cp util.c util-makeguids.c
+
ALL_SOURCES=$(LIBEFISEC_SOURCES) $(LIBEFIBOOT_SOURCES) $(LIBEFIVAR_SOURCES) \
$(MAKEGUIDS_SOURCES) $(GENERATED_SOURCES) $(EFIVAR_SOURCES) \
$(sort $(wildcard include/efivar/*.h))


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=ngtcp2
PKG_VERSION:=1.0.0
PKG_VERSION:=1.0.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/ngtcp2/ngtcp2/releases/download/v$(PKG_VERSION)/
PKG_HASH:=a40b18af654baaebee3431af9bb4e347f40080bf1189d658ad53f8e66bf39da3
PKG_HASH:=df03e7e91110fcbb165ae048fa671f1dd39f77b841df3a14aef076a1c192cc27
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING


@ -8,22 +8,27 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=unixodbc
PKG_VERSION:=2.3.9
PKG_RELEASE:=2
PKG_VERSION:=2.3.12
PKG_RELEASE:=1
PKG_SOURCE:=unixODBC-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.unixodbc.org
PKG_HASH:=52833eac3d681c8b0c9a5a65f2ebd745b3a964f208fc748f977e44015a31b207
PKG_HASH:=f210501445ce21bf607ba51ef8c125e10e22dffdffec377646462df5f01915ec
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=prog GPL libs LGPL
PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING exe/COPYING
PKG_CPE_ID:=cpe:/a:unixodbc:unixodbc
PKG_BUILD_DIR:=$(BUILD_DIR)/unixODBC-$(PKG_VERSION)
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/unixODBC-$(PKG_VERSION)
HOST_BUILD_DEPENDS:=unixodbc
HOST_BUILD_DIR:=$(BUILD_DIR)/host/unixODBC-$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
HOST_BUILD_DEPENDS:=unixodbc
HOST_BUILD_PARALLEL:=1
# if your other package depends on unixodbc and needs
# odbc_config, add to your other Makefile
@ -35,91 +40,145 @@ include $(INCLUDE_DIR)/host-build.mk
CONFIGURE_ARGS += \
--disable-gui \
--with-pic \
--enable-drivers \
--includedir=$(STAGING_DIR)/usr/include
--enable-drivers
define Package/unixodbc/Default
SUBMENU:=Database
TITLE:=unixODBC
URL:=http://www.unixodbc.org
URL:=https://www.unixodbc.org
endef
define Package/unixodbc
$(call Package/unixodbc/Default)
TITLE+= (libraries)
define Package/unixodbc/Default/description
unixODBC is an Open Source ODBC sub-system and an ODBC SDK for Linux,
Mac OSX, and UNIX.
endef
define Package/libodbc
$(call Package/unixodbc/Default)
TITLE+= Driver Manager library
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:=+libltdl +libpthread
ABI_VERSION:=2
endef
define Package/libodbc/description
$(call Package/unixodbc/Default/description)
This package provides the unixODBC Driver Manager library.
endef
define Package/libodbccr
$(call Package/unixodbc/Default)
TITLE+= Cursor library
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:=+libodbc +libltdl +libpthread
ABI_VERSION:=2
endef
define Package/libodbccr/description
$(call Package/unixodbc/Default/description)
This package provides the unixODBC Cursor library.
endef
define Package/libodbcinst
$(call Package/unixodbc/Default)
TITLE+= Configuration library
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:=+libltdl +libpthread
ABI_VERSION:=2
endef
define Package/libodbcinst/description
$(call Package/unixodbc/Default/description)
This package provides the unixODBC Configuration library.
endef
define Package/unixodbc
$(call Package/unixodbc/Default)
TITLE+= (libraries)
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:=+libodbc +libodbccr +libodbcinst
endef
define Package/unixodbc/description
unixODBC is an Open Source ODBC sub-system and an ODBC SDK for Linux,
Mac OSX, and UNIX.
$(call Package/unixodbc/Default/description)
This package installs the unixODBC Driver Manager, Cursor, and
Configuration libraries. This package is provided for backwards
compatibility; these libraries are available in separate packages.
endef
define Package/unixodbc-tools
$(call Package/unixodbc/Default)
$(call Package/unixodbc/Default)
SECTION:=utils
CATEGORY:=Utilities
TITLE+= Tools
DEPENDS:=+unixodbc +libncurses +libreadline
DEPENDS:=+libodbc +libodbcinst +libltdl +libreadline
endef
define Package/unixodbc-tools/description
Command Line Tools to help install a driver and work with SQL.
$(call Package/unixodbc/Default/description)
This package provides command-line tools to help install a driver and
work with SQL.
endef
define Package/pgsqlodbc
$(call Package/unixodbc/Default)
$(call Package/unixodbc/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Postgresql driver for ODBC
DEPENDS:=+unixodbc +libpq
TITLE:=PostgreSQL driver for ODBC
DEPENDS:=+libodbc +libpq +libltdl +libpthread
ABI_VERSION:=2
endef
define Package/pgsqlodbc/description
Postgresql driver for ODBC.
endef
$(call Package/unixodbc/Default/description)
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) \
DESTDIR="$(PKG_INSTALL_DIR)" \
$(MAKE_FLAGS) \
ARCH="$(ARCH)" \
CC="$(TARGET_CC)"
$(MAKE) -C $(PKG_BUILD_DIR) \
DESTDIR="$(PKG_INSTALL_DIR)" \
$(MAKE_FLAGS) \
ARCH="$(ARCH)" \
install -i
This package provides the PostgreSQL driver for ODBC.
endef
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/$(STAGING_DIR)/usr/include/*.h $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include/
# Save autoconf config.h file for host build
# copy target autoconf config.h and unixodbc_conf.h file for host build
$(INSTALL_DIR) $(1)/tmp/unixodbc
$(CP) $(PKG_BUILD_DIR)/config.h $(1)/tmp/unixodbc/
$(CP) $(PKG_BUILD_DIR)/unixodbc_conf.h $(1)/tmp/unixodbc/
$(INSTALL_DIR) $(1)/usr/include/unixodbc
$(CP) $(PKG_BUILD_DIR)/config.h $(1)/usr/include/unixodbc/
$(CP) $(PKG_BUILD_DIR)/unixodbc_conf.h $(1)/usr/include/unixodbc/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc
$(CP) $(PKG_INSTALL_DIR)/etc/odbc* $(1)/etc/
$(INSTALL_DIR) $(1)/etc/ODBCDataSources
$(TARGET_CC) $(TARGET_CFLAGS) -E ./files/unixodbc_conf.h | tr '@' '\#' >$(1)/usr/include/unixodbc_conf.h
endef
define Package/unixodbc/install
define Package/libodbc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbc[ci]*so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbc.*so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libnn*so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbc.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/odbc.init $(1)/etc/init.d/odbc
$(LN) /tmp/etc/odbcinst.ini $(1)/etc/odbcinst.ini
endef
define Package/libodbccr/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbccr.so* $(1)/usr/lib/
endef
define Package/libodbcinst/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbcinst.so* $(1)/usr/lib/
endef
Package/unixodbc/install:=:
define Package/unixodbc-tools/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/{dltest,isql,iusql,odbcinst,slencheck} $(1)/usr/bin/
@ -127,34 +186,34 @@ endef
define Package/pgsqlodbc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbcpsql*so* $(1)/usr/lib/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libodbcpsql.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/etc/odbcinst.ini.d/
echo "[PostgreSQL]" > $(1)/etc/odbcinst.ini.d/pgsqlodbc.ini
echo "Description = unixODBC PostgreSQL driver" >> $(1)/etc/odbcinst.ini.d/pgsqlodbc.ini
echo "Driver = /usr/lib/libodbcpsql.so" >> $(1)/etc/odbcinst.ini.d/pgsqlodbc.ini
$(INSTALL_DATA) ./files/pgsqlodbc.ini $(1)/etc/odbcinst.ini.d/
endef
define Host/Configure
$(call Host/Configure/Default)
cp $(STAGING_DIR)/tmp/unixodbc/config.h $(HOST_BUILD_DIR)
sed -i -e 's!\(LIB_PREFIX \).*$$$$!\1"$(STAGING_DIR)/usr/lib"!' $(HOST_BUILD_DIR)/config.h
cp $(STAGING_DIR)/tmp/unixodbc/unixodbc_conf.h $(HOST_BUILD_DIR)
$(CP) $(STAGING_DIR)/usr/include/unixodbc/config.h $(HOST_BUILD_DIR)
$(CP) $(STAGING_DIR)/usr/include/unixodbc/unixodbc_conf.h $(HOST_BUILD_DIR)
$(CP) $(STAGING_DIR)/usr/include/unixodbc.h $(HOST_BUILD_DIR)
$(SED) 's!^#define INCLUDE_PREFIX ".*"!#define INCLUDE_PREFIX "$(STAGING_DIR)/usr/include"!' \
-e 's!^#define LIB_PREFIX ".*"!#define LIB_PREFIX "$(STAGING_DIR)/usr/lib"!' \
$(HOST_BUILD_DIR)/config.h \
$(HOST_BUILD_DIR)/unixodbc_conf.h
endef
define Host/Compile
$(MAKE) -C $(HOST_BUILD_DIR)/exe \
DESTDIR="$(HOST_INSTALL_DIR)" \
CC="$(HOSTCC)" \
CFLAGS="$(HOST_CFLAGS) -DUSE_UNIXODBC_CONF_H" \
LDFLAGS="$(HOST_LDFLAGS)" \
odbc_config
$(call Host/Compile/Default,-C $(HOST_BUILD_DIR)/exe odbc_config)
endef
define Host/Install
$(INSTALL_DIR) $(STAGING_DIR_HOST)/bin
$(INSTALL_BIN) $(HOST_BUILD_DIR)/exe/odbc_config $(STAGING_DIR_HOST)/bin
$(INSTALL_DIR) $(STAGING_DIR)/host/bin
$(INSTALL_BIN) $(HOST_BUILD_DIR)/exe/odbc_config $(STAGING_DIR)/host/bin/
endef
$(eval $(call BuildPackage,libodbc))
$(eval $(call BuildPackage,libodbccr))
$(eval $(call BuildPackage,libodbcinst))
$(eval $(call BuildPackage,unixodbc))
$(eval $(call BuildPackage,unixodbc-tools))
$(eval $(call BuildPackage,pgsqlodbc))
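Review bot: `PKG_SOURCE_URL:=http://www.unixodbc.org` still fetches the release tarball over plain HTTP, although this same change moves the package `URL` to `https://www.unixodbc.org`. `PKG_HASH` should reject a modified tarball, but `PKG_SOURCE_URL:=https://www.unixodbc.org` would stop the download from relying on that check alone. The postfix Makefile in this commit likewise keeps `http://ftp.porcupine.org/mirrors/postfix-release/official/` as its second mirror. Separately, in `Package/libodbc/install` the line `$(LN) /tmp/etc/odbcinst.ini $(1)/etc/odbcinst.ini` points the driver configuration, which names the shared objects to load, at a file under `/tmp`; a comment stating what creates that file (presumably `odbc.init`) and with which ownership and mode would help anyone auditing the package.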


@ -0,0 +1,3 @@
[PostgreSQL]
Description = unixODBC PostgreSQL driver
Driver = /usr/lib/libodbcpsql.so


@ -1,22 +0,0 @@
@ifndef HAVE_UNISTD_H
@define HAVE_UNISTD_H
@endif
@ifndef HAVE_PWD_H
@define HAVE_PWD_H
@endif
@ifndef HAVE_SYS_TYPES_H
@define HAVE_SYS_TYPES_H
@endif
@ifndef HAVE_LONG_LONG
@define HAVE_LONG_LONG
@endif
@ifndef ODBCINT64
@define ODBCINT64 long
@endif
@ifndef UODBCINT64
@define UODBCINT64 unsigned long
@endif
@ifndef SIZEOF_LONG_INT
@define SIZEOF_LONG_INT __SIZEOF_LONG__
@endif


@ -1,36 +0,0 @@
--- a/exe/odbc-config.c
+++ b/exe/odbc-config.c
@@ -40,6 +40,33 @@
#include <unistd.h>
#endif
+#ifdef USE_UNIXODBC_CONF_H
+
+#ifdef HAVE_UNISTD_H
+#undef HAVE_UNISTD_H
+#endif
+#ifdef HAVE_PWD_H
+#undef HAVE_PWD_H
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#undef HAVE_SYS_TYPES_H
+#endif
+#ifdef HAVE_LONG_LONG
+#undef HAVE_LONG_LONG
+#endif
+#ifdef ODBCINT64
+#undef ODBCINT64
+#endif
+#ifdef UODBCINT64
+#undef UODBCINT64
+#endif
+#ifdef SIZEOF_LONG_INT
+#undef SIZEOF_LONG_INT
+#endif
+
+#include <unixodbc_conf.h>
+#endif
+
#include <sql.h>
static void usage( void )

5
libs/unixodbc/test.sh Normal file

@ -0,0 +1,5 @@
#!/bin/sh
[ "$1" = unixodbc-tools ] || exit 0
isql --version | grep -Fx "unixODBC $PKG_VERSION"


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fdm
PKG_VERSION:=2.0
PKG_RELEASE:=3
PKG_VERSION:=2.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/nicm/fdm/releases/download/$(PKG_VERSION)
PKG_HASH:=06b28cb6b792570bc61d7e29b13d2af46b92fea77e058b2b17e11e8f7ed0cea4
PKG_HASH:=53aad117829834e21c1b9bf20496a1aa1c0e0fb98fe7735e1e73314266fb6c16
PKG_MAINTAINER:=Dmitry V. Zimin <pfzim@mail.ru>
PKG_LICENSE:=BSD-2-Clause
@ -30,7 +30,7 @@ define Package/fdm
TITLE:=fetch mail and deliver
URL:=https://github.com/nicm/fdm
MENU:=1
DEPENDS:=+tdb +zlib +libopenssl +FDM_WITH_PCRE:libpcre
DEPENDS:=+tdb +zlib +libopenssl +FDM_WITH_PCRE:libpcre2
USERID:=_fdm=99:_fdm=99
endef
@ -42,7 +42,7 @@ define Package/fdm/description
endef
ifdef CONFIG_FDM_WITH_PCRE
CONFIGURE_ARGS += --enable-pcre
CONFIGURE_ARGS += --enable-pcre2
endif
define Package/fdm/config


@ -1,9 +0,0 @@
--- a/Makefile.am
+++ b/Makefile.am
@@ -123,6 +123,3 @@ endif
if NO_STRTONUM
nodist_fdm_SOURCES += compat/strtonum.c
endif
-if NO_B64_NTOP
-nodist_fdm_SOURCES += compat/base64.c
-endif


@ -1,24 +0,0 @@
From 3aa079c4885d89257c5033b4992011511b603150 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Tue, 26 Jun 2018 14:14:34 -0700
Subject: [PATCH] Fix compile with OpenSSL 1.1.0
OpenSSL 1.1.0 deprecared SSL_library_init and SSL_load_error_strings.
They're part of OPENSSL_init_ssl now.
---
fdm.c | 2 ++
1 file changed, 2 insertions(+)
--- a/fdm.c
+++ b/fdm.c
@@ -717,8 +717,10 @@ retry:
}
conf.lock_file = lock;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_library_init();
SSL_load_error_strings();
+#endif
/* Filter account list. */
TAILQ_INIT(&actaq);


@ -1,30 +0,0 @@
From 3232e537ccaba4417b25d9d70264e4a5533042da Mon Sep 17 00:00:00 2001
From: Nicholas Marriott <nicholas.marriott@gmail.com>
Date: Mon, 18 Mar 2019 13:04:00 +0000
Subject: [PATCH] Fix bas64 declarations, from makepost at firemail dot cc.
---
fdm.h | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/fdm.h
+++ b/fdm.h
@@ -20,7 +20,6 @@
#define FDM_H
#include <sys/param.h>
-#include <sys/cdefs.h>
#include <sys/stat.h>
#ifdef HAVE_QUEUE_H
@@ -725,8 +724,8 @@ size_t strlcat(char *, const char *, s
#ifndef HAVE_B64_NTOP
/* base64.c */
-int b64_ntop(src, srclength, target, targsize);
-int b64_pton(src, target, targsize);
+int b64_ntop(u_char const *, size_t, char *, size_t);
+int b64_pton(char const *, u_char *, size_t);
#endif
/* shm.c */


@ -0,0 +1,75 @@
From f1ec1982725d60045c0d871f3e613f2880046c22 Mon Sep 17 00:00:00 2001
From: Nicholas Marriott <nicholas.marriott@gmail.com>
Date: Wed, 1 Feb 2023 15:31:30 +0000
Subject: [PATCH] Fix bugs in PCRE2 code - don't walk off the end of the match
list if NOMATCH is returned, and don't stop on empty matches. From Thomas
Hurst.
---
pcre.c | 45 ++++++++++++++++++++++++++-------------------
1 file changed, 26 insertions(+), 19 deletions(-)
--- a/pcre.c
+++ b/pcre.c
@@ -66,7 +66,7 @@ int
re_block(struct re *re, const void *buf, size_t len, struct rmlist *rml,
char **cause)
{
- int res;
+ int res, ret;
pcre2_match_data *pmd;
PCRE2_SIZE *ovector;
u_int i, j;
@@ -85,27 +85,34 @@ re_block(struct re *re, const void *buf,
}
pmd = pcre2_match_data_create_from_pattern(re->pcre2, NULL);
- res = pcre2_match(re->pcre2, buf, len, 0, 0, pmd, NULL);
- if (res < 0 && res != PCRE2_ERROR_NOMATCH) {
- xasprintf(cause, "%s: regexec failed", re->str);
- pcre2_match_data_free(pmd);
- return (-1);
- }
+ if (pmd == NULL)
+ fatalx("pcre2_match_data_create_from_pattern failed");
- if (rml != NULL) {
- ovector = pcre2_get_ovector_pointer(pmd);
- for (i = 0; i < res; i++) {
- j = i * 2;
- if (ovector[j + 1] <= ovector[j])
- break;
- rml->list[i].valid = 1;
- rml->list[i].so = ovector[j];
- rml->list[i].eo = ovector[j + 1];
+ res = pcre2_match(re->pcre2, buf, len, 0, 0, pmd, NULL);
+ if (res > 0) {
+ if (rml != NULL) {
+ if (res > NPMATCH)
+ res = NPMATCH;
+ ovector = pcre2_get_ovector_pointer(pmd);
+ for (i = 0; i < res; i++) {
+ j = i * 2;
+ if (ovector[j + 1] < ovector[j])
+ break;
+ rml->list[i].valid = 1;
+ rml->list[i].so = ovector[j];
+ rml->list[i].eo = ovector[j + 1];
+ }
+ rml->valid = 1;
}
- rml->valid = 1;
+ ret = 1;
+ } else if (res == PCRE2_ERROR_NOMATCH)
+ ret = 0;
+ else {
+ xasprintf(cause, "%s: regexec failed", re->str);
+ ret = -1;
}
-
- return (res != PCRE2_ERROR_NOMATCH);
+ pcre2_match_data_free(pmd);
+ return (ret);
}
void


@ -0,0 +1,21 @@
From 028f59bef0ea9435fb8fbe095b2939652ce63479 Mon Sep 17 00:00:00 2001
From: Nicholas Marriott <nicholas.marriott@gmail.com>
Date: Mon, 3 Apr 2023 08:54:28 +0100
Subject: [PATCH] Fix use-after-free, GitHub issue 126.
---
connect.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/connect.c
+++ b/connect.c
@@ -550,8 +550,8 @@ httpproxy(struct server *srv,
if (strlen(line) < 12 ||
strncmp(line, "HTTP/", 5) != 0 ||
strncmp(line + 8, " 200", 4) != 0) {
- xfree(line);
xasprintf(cause, "unexpected data: %s", line);
+ xfree(line);
return (-1);
}
header = 1;


@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=postfix
PKG_VERSION:=3.5.8
PKG_RELEASE:=3
PKG_VERSION:=3.8.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:= \
https://de.postfix.org/ftpmirror/official/ \
http://ftp.porcupine.org/mirrors/postfix-release/official/
PKG_HASH:=22582628cf3edc18c5155c9ff44543dd95a9435fb68135d76a99f572cb07456f
PKG_HASH:=6790903cdbb5e0e47196691eb9a5f2cf8050262def941e039e6d4bf4043a5e30
PKG_MAINTAINER:=Denis Shulyaka <Shulyaka@gmail.com>
PKG_LICENSE:=IPL-1.0
@ -44,7 +44,7 @@ define Package/postfix
postfix=25:postfix=25 \
postdrop=26:postdrop=26
URL:=http://www.postfix.org/
DEPENDS:=+POSTFIX_CDB:tinycdb +POSTFIX_TLS:libopenssl +POSTFIX_SASL:libsasl2 +POSTFIX_LDAP:libopenldap +POSTFIX_DB:libdb47 +POSTFIX_SQLITE:libsqlite3 +POSTFIX_MYSQL:libmysqlclient +POSTFIX_PGSQL:libpq +POSTFIX_EAI:icu +POSTFIX_PCRE:libpcre
DEPENDS:=+POSTFIX_CDB:tinycdb +POSTFIX_TLS:libopenssl +POSTFIX_SASL:libsasl2 +POSTFIX_LDAP:libopenldap +POSTFIX_DB:libdb47 +POSTFIX_SQLITE:libsqlite3 +POSTFIX_MYSQL:libmysqlclient +POSTFIX_PGSQL:libpq +POSTFIX_EAI:icu +POSTFIX_PCRE:libpcre2
MENU:=1
endef
@ -172,8 +172,8 @@ ifdef CONFIG_POSTFIX_PGSQL
endif
ifdef CONFIG_POSTFIX_PCRE
CCARGS+=-DHAS_PCRE -I$(STAGING_DIR)/usr/include/
AUXLIBS+=-L$(STAGING_DIR)/usr/lib -lpcre
CCARGS+=-DHAS_PCRE2 -I$(STAGING_DIR)/usr/include/
AUXLIBS+=-L$(STAGING_DIR)/usr/lib -lpcre2-8
else
CCARGS+=-DNO_PCRE
endif


@ -44,7 +44,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
#endif
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -1509,7 +1509,7 @@ extern int setsid(void);
@@ -1519,7 +1519,7 @@ extern int setsid(void);
#endif
#ifndef HAS_CLOSEFROM
@ -53,7 +53,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
#endif
@@ -1563,7 +1563,7 @@ typedef int pid_t;
@@ -1573,7 +1573,7 @@ typedef int pid_t;
/*
* Clang-style attribute tests.
@ -62,7 +62,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
* XXX Without the unconditional test below, gcc 4.6 will barf on ``elif
* defined(__clang__) && __has_attribute(__whatever__)'' with error message
* ``missing binary operator before token "("''.
@@ -1577,7 +1577,7 @@ typedef int pid_t;
@@ -1587,7 +1587,7 @@ typedef int pid_t;
* warn for missing initializations and other trouble. However, OPENSTEP4
* gcc 2.7.x cannot handle this so we define this only if NORETURN isn't
* already defined above.
@ -71,7 +71,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Data point: gcc 2.7.2 has __attribute__ (Wietse Venema) but gcc 2.6.3 does
* not (Clive Jones). So we'll set the threshold at 2.7.
*/
@@ -1653,12 +1653,12 @@ typedef int pid_t;
@@ -1663,12 +1663,12 @@ typedef int pid_t;
* write to output parameters (for example, stat- or scanf-like functions)
* or from functions that have other useful side effects (for example,
* fseek- or rename-like functions).
@ -86,7 +86,7 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
* XXX Prepending "(void)" won't shut up GCC. Clang behaves as expected.
*/
#if ((__GNUC__ == 3 && __GNUC_MINOR__ >= 4) || __GNUC__ > 3)
@@ -1747,7 +1747,7 @@ typedef const char *CONST_CHAR_STAR;
@@ -1749,7 +1749,7 @@ typedef const char *CONST_CHAR_STAR;
* Safety. On some systems, ctype.h misbehaves with non-ASCII or negative
* characters. More importantly, Postfix uses the ISXXX() macros to ensure
* protocol compliance, so we have to rule out non-ASCII characters.


@ -1,6 +1,6 @@
--- a/src/util/dict_db.c
+++ b/src/util/dict_db.c
@@ -750,8 +750,8 @@ static DICT *dict_db_open(const char *cl
@@ -751,8 +751,8 @@ static DICT *dict_db_open(const char *cl
msg_fatal("create DB database: %m");
if (db == 0)
msg_panic("db_create null result");
@ -9,5 +9,5 @@
+// if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
+// msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
db_base_buf = vstring_alloc(100);
#if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
#if DB_VERSION_MAJOR == 18 || DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)


@ -1,6 +1,6 @@
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -760,9 +760,8 @@ extern int initgroups(const char *, int)
@@ -774,9 +774,8 @@ extern int initgroups(const char *, int)
#define INTERNAL_LOCK MYFLOCK_STYLE_FLOCK
#define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */
#define HAS_FSYNC


@ -1,6 +1,6 @@
--- a/makedefs
+++ b/makedefs
@@ -215,7 +215,7 @@ error() {
@@ -233,7 +233,7 @@ ARFL=rv
case $# in
# Officially supported usage.
@ -9,7 +9,7 @@
RELEASE=`(uname -r) 2>/dev/null`
# No ${x%%y} support in Solaris 11 /bin/sh
RELEASE_MAJOR=`expr "$RELEASE" : '\([0-9]*\)'` || exit 1
@@ -242,6 +242,15 @@ case "$SYSTEM" in
@@ -247,6 +247,15 @@ case $# in
esac
case "$SYSTEM.$RELEASE" in


@ -1,6 +1,6 @@
--- a/src/posttls-finger/posttls-finger.c
+++ b/src/posttls-finger/posttls-finger.c
@@ -342,6 +342,7 @@
@@ -346,6 +346,7 @@
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>


@ -1,12 +0,0 @@
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -749,7 +749,8 @@ extern int initgroups(const char *, int)
/*
* LINUX.
*/
-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
+#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) \
+ || defined(LINUX6)
#define SUPPORTED
#define UINT32_TYPE unsigned int
#define UINT16_TYPE unsigned short


@ -1,6 +1,6 @@
--- a/conf/main.cf
+++ b/conf/main.cf
@@ -40,43 +40,8 @@ compatibility_level = 2
@@ -44,43 +44,8 @@ compatibility_level = 3.8
#
#soft_bounce = no
@ -44,7 +44,7 @@
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
@@ -632,45 +597,4 @@ debugger_command =
@@ -641,45 +606,4 @@ debugger_command =
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1


@ -36,11 +36,6 @@ choice
help
Use internal POSIX Regular Expressions.
Note that not all EPG parsers will work with POSIX RegEx.
config TVHEADEND_REGEX_PCRE
bool "PCRE (libpcre)"
select PACKAGE_libpcre
help
Use more advanced Perl-Compatible Regular Expressions, provided by libpcre.
config TVHEADEND_REGEX_PCRE2
bool "PCRE2 (libpcre2)"
select PACKAGE_libpcre2


@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=tvheadend
PKG_VERSION:=2023-06-05
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/tvheadend/tvheadend.git
@ -36,7 +36,6 @@ define Package/tvheadend
$(ICONV_DEPENDS) \
+zlib \
+TVHEADEND_AVAHI_SUPPORT:libavahi-client \
+TVHEADEND_REGEX_PCRE:libpcre \
+TVHEADEND_REGEX_PCRE2:libpcre2 \
+BUILD_PATENTED&&TVHEADEND_CSA:libdvbcsa
@ -77,15 +76,12 @@ ifeq ($(CONFIG_TVHEADEND_TRACE),)
CONFIGURE_ARGS += --disable-trace
endif
CONFIGURE_ARGS += --disable-pcre
ifneq ($(CONFIG_TVHEADEND_REGEX_PCRE2),)
CONFIGURE_ARGS += --disable-pcre --enable-pcre2
else
ifneq ($(CONFIG_TVHEADEND_REGEX_PCRE),)
CONFIGURE_ARGS += --enable-pcre --disable-pcre2
CONFIGURE_ARGS += --enable-pcre2
else
ifneq ($(CONFIG_TVHEADEND_REGEX_POSIX),)
CONFIGURE_ARGS += --disable-pcre --disable-pcre2
endif
CONFIGURE_ARGS += --disable-pcre2
endif
endif


@ -83,6 +83,7 @@ CONFIGURE_ARGS += \
--with-libpcap-include=$(STAGING_DIR)/usr/include \
--with-libpcap-lib=$(STAGING_DIR)/usr/lib \
--without-opt \
--with-libbsd=no \
\
PYTHON=$(PYTHON) \
\


@ -0,0 +1,58 @@
From 0265e79f3c9a27a3ffd186e7d3bcd2f744052605 Mon Sep 17 00:00:00 2001
From: Christian Marangi <ansuelsmth@gmail.com>
Date: Sat, 28 Oct 2023 17:30:09 +0200
Subject: [PATCH] build: add option to disable bsd library inclusion
It might be needed to disable bsd inclusion and fallback to the compat
functions even if bsd headers are detected.
This is the case when multiple library are cross-compiled and someone
wants to explicitly compile aircrack-ng without linking to bsd library.
With the current implementation, if a bsd header is detected, the bsd
library is always linked even if unwanted. Add option to configure this
with the combo --with-libbsd=yes|no|auto with auto set by default.
Also add an extra featurw with introducing the possibility of requiring
the bsd library and fail the configure phase.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
build/m4/aircrack_ng_compat.m4 | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
--- a/build/m4/aircrack_ng_compat.m4
+++ b/build/m4/aircrack_ng_compat.m4
@@ -38,11 +38,29 @@ dnl If you delete this exception stateme
dnl program, then also delete it here.
AC_DEFUN([AIRCRACK_NG_COMPAT], [
+AC_ARG_WITH(libbsd,
+ [AS_HELP_STRING([--with-libbsd[[=auto|yes|no]]], [use BSD library, [default=auto]])])
+
+case $with_libbsd in
+ yes | "" | auto)
+ AC_CHECK_HEADERS([bsd/string.h], [HAVE_BSD_STRING_H=yes])
+ AC_CHECK_LIB([bsd], [strlcpy], [:])
+ AC_CHECK_FUNCS([strlcpy strlcat], [:])
+ ;;
+esac
-AC_CHECK_HEADERS([bsd/string.h], [HAVE_BSD_STRING_H=yes], [HAVE_BSD_STRING_H=no])
AM_CONDITIONAL([HAVE_BSD_STRING_H], [test "$HAVE_BSD_STRING_H" = yes])
-AC_CHECK_LIB([bsd], [strlcpy], [ LIBS="$LIBS -lbsd" ], [:])
-AC_CHECK_FUNCS([strlcpy strlcat], [:])
+
+if test $with_libbsd != no
+then
+ if test $ac_cv_lib_bsd_strlcpy = yes
+ then
+ LIBS="$LIBS -lbsd"
+ elif test $with_libbsd = yes
+ then
+ AC_MSG_ERROR([cannot configure required bsd library])
+ fi
+fi
have_bsd=no
if test "$cross_compiling" != yes
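Review bot: The added `if test $with_libbsd != no` block expands `$with_libbsd` and `$ac_cv_lib_bsd_strlcpy` unquoted, so when configure runs without `--with-libbsd` (the documented `auto` default, where the variable is empty) the test loses its left operand and the `LIBS="$LIBS -lbsd"` step is presumably skipped with a shell error. Quoting makes the default path well defined: `if test "x$with_libbsd" != xno`, `if test "x$ac_cv_lib_bsd_strlcpy" = xyes`, `elif test "x$with_libbsd" = xyes`. The `case` arm above already treats `""` as auto, so the two places should agree. The package Makefile passes `--with-libbsd=no`, so this particular build is not affected, but the patch carries an upstream-style commit header and the default case matters there.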


@ -0,0 +1,30 @@
From 6317063da827732dbc5cc0dd1650ed016bd2927c Mon Sep 17 00:00:00 2001
From: Christian Marangi <ansuelsmth@gmail.com>
Date: Sun, 29 Oct 2023 14:41:18 +0100
Subject: [PATCH] build: support strlcat/strlcpy from musl or recent glibc
Musl or recent glibc added support for these additional string function,
strlcat and strlcpy hence the compat function are not needed and the
builtin version can be used instead.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
build/m4/aircrack_ng_compat.m4 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/build/m4/aircrack_ng_compat.m4
+++ b/build/m4/aircrack_ng_compat.m4
@@ -41,11 +41,12 @@ AC_DEFUN([AIRCRACK_NG_COMPAT], [
AC_ARG_WITH(libbsd,
[AS_HELP_STRING([--with-libbsd[[=auto|yes|no]]], [use BSD library, [default=auto]])])
+AC_CHECK_FUNCS([strlcpy strlcat], [:])
+
case $with_libbsd in
yes | "" | auto)
AC_CHECK_HEADERS([bsd/string.h], [HAVE_BSD_STRING_H=yes])
AC_CHECK_LIB([bsd], [strlcpy], [:])
- AC_CHECK_FUNCS([strlcpy strlcat], [:])
;;
esac


@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=apinger
PKG_SOURCE_DATE:=2015-04-09
PKG_SOURCE_VERSION:=78eb328721ba1a10571c19df95acddcb5f0c17c8
PKG_RELEASE:=5
PKG_RELEASE:=6
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/Jajcus/apinger


@ -54,10 +54,15 @@ append_target() {
config_get_bool rrd "$target" rrd 0
[ -z "$address" ] && return 0
srcip=$(uci_get network "$interface" ipaddr)
[ -z "$srcip" ] && network_get_ipaddr srcip "$interface"
srcip="${srcip:-0.0.0.0}"
if [ -z $(echo "$address"|sed "/:/d") ]; then
srcip=$(uci_get network "$interface" ip6addr)
[ -z "$srcip"] && network_get_ipaddr6 srcip "$interface"
srcip="${srcip:-::}"
else
srcip=$(uci_get network "$interface" ipaddr)
[ -z "$srcip"] && network_get_ipaddr srcip "$interface"
srcip="${srcip:-0.0.0.0}"
fi
alarms=${alarm_down:+\"${alarm_down}\"}
alarms=${alarm_delay:+${alarms:+${alarms}, }}${alarm_delay:+\"${alarm_delay}\"}
@ -115,7 +120,7 @@ append_alarm_loss() {
local percent_low percent_high
config_get percent_low "$alarm" percent_low
config_get percent_high "$alarm" percent_low
config_get percent_high "$alarm" percent_high
if [ -z "$percent_low" ] || [ -z "$percent_high" ]; then
return
@ -132,9 +137,9 @@ init_apinger_config() {
local debug status_interval rrd_interval instance
instance=$1
config_get_bool debug apinger debug 0
config_get status_interval apinger status_interval 1
config_get rrd_interval apinger rrd_interval 30
config_get_bool debug "$instance" debug 0
config_get status_interval "$instance" status_interval 1
config_get rrd_interval "$instance" rrd_interval 30
[ "$debug" = "1" ] && debug=on || debug=off
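Review bot: In the new address-family branch of append_target, both fallback tests are written `[ -z "$srcip"] && …` with no space before `]`, so whenever `srcip` is set the last word becomes `value]` and `[` fails with a missing-`]` error; the empty case only behaves as intended by accident. They should read `[ -z "$srcip" ] && network_get_ipaddr6 srcip "$interface"` and the same with `network_get_ipaddr` in the IPv4 arm. The IPv6 detection `[ -z $(echo "$address"|sed "/:/d") ]` also depends on an unquoted substitution; `case "$address" in *:*) … ;; esac` states the intent without a subprocess. append_target starts and ends outside the hunk.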


@ -38,7 +38,7 @@ apinger_status() {
if [ -f "$status_file" ]; then
_IFS="$IFS"
IFS="|"
while read -r address srcip target received sent timestamp latency loss alarm; do
while read -r address srcip target sent received timestamp latency loss alarm; do
json_add_object targets
json_add_string interface "$iface"
json_add_string target "$target"


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius3
PKG_VERSION:=3.0.26
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/releases/download/release_$(subst .,_,$(PKG_VERSION))/
@ -63,7 +63,7 @@ endef
define Package/freeradius3-common
$(call Package/freeradius3/Default)
TITLE:=common files
DEPENDS:=+USE_GLIBC:libpthread +USE_GLIBC:libbsd +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +libpcre +libreadline +libtalloc +libatomic
DEPENDS:=+USE_GLIBC:libpthread +USE_GLIBC:libbsd +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +libpcre2 +libreadline +libtalloc +libatomic
endef
define Package/freeradius3-default


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=keepalived
PKG_VERSION:=2.2.8
PKG_RELEASE:=3
PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.keepalived.org/software


@ -105,6 +105,11 @@ globals() {
printf '%benable_script_security\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
printf '%bprocess_names\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
printf '%bstartup_script "/bin/busybox env -i ACTION=startup /sbin/hotplug-call keepalived"\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
printf '%bstartup_script_timeout 10\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
printf '%bshutdown_script "/bin/busybox env -i ACTION=shutdown /sbin/hotplug-call keepalived"\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
printf '%bshutdown_script_timeout 10\n' "${INDENT_1}" >> "$KEEPALIVED_CONF"
config_get notification_email "$1" notification_email
print_list_indent notification_email
@ -353,7 +358,7 @@ vrrp_instance() {
garp_master_repeat garp_master_refresh_repeat \
no_val_vmac_xmit_base no_val_native_ipv6 no_val_accept \
no_val_dont_track_primary no_val_smtp_alert no_val_nopreempt \
no_val_use_vmac
no_val_use_vmac no_val_no_accept
print_notify "INSTANCE" "$name" "$INDENT_1" notify_backup notify_master \
notify_fault notify_stop


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=knot
PKG_VERSION:=3.3.1
PKG_VERSION:=3.3.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://secure.nic.cz/files/knot-dns/
PKG_HASH:=f3f4b1d49ec9b81113b14a38354b823bd4a470356ed7e8e555595b6fd1ac80c9
PKG_HASH:=0d65d4b59f5df69b78c6295ade0a2ea7931831de7ef5eeee3e00f8a20af679e4
PKG_MAINTAINER:=Daniel Salzman <daniel.salzman@nic.cz>
PKG_LICENSE:=GPL-3.0 LGPL-2.0 0BSD BSD-3-Clause OLDAP-2.8


@ -0,0 +1,17 @@
--- a/src/libdnssec/key/key.c
+++ b/src/libdnssec/key/key.c
@@ -146,10 +146,14 @@ dnssec_key_t *dnssec_key_dup(const dnsse
gnutls_privkey_type_t type = gnutls_privkey_get_type(key->private_key);
if (type == GNUTLS_PRIVKEY_PKCS11) {
+#ifdef ENABLE_PKCS11
gnutls_pkcs11_privkey_t tmp;
gnutls_privkey_export_pkcs11(key->private_key, &tmp);
gnutls_privkey_import_pkcs11(dup->private_key, tmp,
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+#else
+ assert(0);
+#endif
} else {
assert(type == GNUTLS_PRIVKEY_X509);
gnutls_x509_privkey_t tmp;
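Review bot: The `#else` arm added for builds without ENABLE_PKCS11 is only `assert(0);`, which compiles to nothing when NDEBUG is defined, so a key of type GNUTLS_PRIVKEY_PKCS11 would fall through with `dup->private_key` never imported. If that branch can be reached at all in such a build, an explicit failure path is safer than an assertion: release `dup` and return NULL, following whatever error convention the function already uses. dnssec_key_dup starts and ends outside the hunk, so the matching cleanup call is not visible here.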


@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libreswan
PKG_VERSION:=4.12
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/
@ -25,46 +25,65 @@ PKG_BUILD_FLAGS:=lto
include $(INCLUDE_DIR)/package.mk
define Package/libreswan/Default
TITLE:=Libreswan
URL:=https://libreswan.org/
endef
define Package/libreswan/Default/description
Libreswan is a free software implementation of the most widely supported and
standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
("IKE"). These standards are produced and maintained by the Internet
Engineering Task Force ("IETF").
endef
define Package/libreswan
$(call Package/libreswan/Default)
define Package/libreswan/default
SUBMENU:=VPN
SECTION:=net
CATEGORY:=Network
DEPENDS:= +IPV6:kmod-ip6-vti +IPV6:kmod-ipsec6 +ip-full +iptables-mod-ipsec \
+kmod-crypto-aead +kmod-crypto-authenc +kmod-crypto-gcm \
+kmod-crypto-hash +kmod-crypto-rng +kmod-ip-vti +kmod-ipsec \
+kmod-ipsec4 +kmod-ipt-ipsec +kmod-xfrm-interface +libevent2 +libevent2-pthreads \
+libldns +librt +libunbound +nss-utils +nspr +libcap-ng
TITLE:=Libreswan
URL:=https://libreswan.org/
PROVIDES:=openswan
CONFLICTS:=strongswan
TITLE+= IPsec Server
endef
define Package/libreswan
$(Package/libreswan/default)
DEPENDS:= \
+kmod-ip-vti +IPV6:kmod-ip6-vti \
+kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 \
+ip-full +kmod-xfrm-interface \
+libevent2 +libevent2-pthreads \
+libldns +librt +libunbound +nss-utils +nspr +libcap-ng \
+kmod-crypto-acompress \
+kmod-crypto-aead \
+kmod-crypto-authenc \
+kmod-crypto-arc4 \
+kmod-crypto-cbc \
+kmod-crypto-ccm \
+kmod-crypto-chacha20poly1305 \
+kmod-crypto-cmac \
+kmod-crypto-ctr \
+kmod-crypto-cts \
+kmod-crypto-des \
+kmod-crypto-ecb \
+kmod-crypto-ecdh \
+kmod-crypto-gcm \
+kmod-crypto-ghash \
+kmod-crypto-hash \
+kmod-crypto-hmac \
+kmod-crypto-md4 \
+kmod-crypto-md5 \
+kmod-crypto-null \
+kmod-crypto-pcbc \
+kmod-crypto-sha1 \
+kmod-crypto-sha256 \
+kmod-crypto-sha512 \
+kmod-crypto-xcbc \
+kmod-crypto-rng
endef
define Package/libreswan/description
$(call Package/libreswan/Default/description)
Libreswan is a free software implementation of the most widely supported and
standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
("IKE"). These standards are produced and maintained by the Internet
Engineering Task Force ("IETF").
Libreswan is a free software implementation of the most widely supported and
standardized VPN protocol based on ("IPsec") and the Internet Key Exchange
("IKE"). These standards are produced and maintained by the Internet
Engineering Task Force ("IETF").
endef
define Package/libreswan/conffiles
/etc/ipsec.d
/etc/ipsec.conf
/etc/ipsec.secrets
/etc/config/libreswan
/etc/ipsec.user
endef
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
MAKE_FLAGS+= \
@ -103,20 +122,82 @@ endef
define Package/libreswan/install
$(INSTALL_DIR) \
$(1)/etc/init.d \
$(1)/etc/ipsec.d/policies \
$(1)/usr/libexec/ipsec \
$(1)/usr/sbin
$(1)/usr/sbin \
$(1)/etc/config \
$(1)/etc/init.d \
$(1)/etc/hotplug.d/libreswan \
$(1)/etc/hotplug.d/iface \
$(1)/usr/libexec/rpcd \
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec \
$(1)/usr/sbin/ipsec
$(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
$(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/ipsec.conf
$(INSTALL_DATA) ./files/ipsec.secrets $(1)/etc/ipsec.secrets
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ipsec.d/policies/* \
$(1)/etc/ipsec.d/policies/
$(CP) $(PKG_INSTALL_DIR)/usr/libexec/ipsec/* \
$(1)/usr/libexec/ipsec/
$(INSTALL_BIN) ./files/usr/libexec/ipsec/_updown.xfrm $(1)/usr/libexec/ipsec/_updown.xfrm
$(INSTALL_BIN) ./files/etc/init.d/ipsec $(1)/etc/init.d/ipsec
$(INSTALL_BIN) ./files/usr/libexec/rpcd/libreswan $(1)/usr/libexec/rpcd/libreswan
$(INSTALL_DATA) ./files/etc/ipsec.conf $(1)/etc/ipsec.conf
$(INSTALL_DATA) ./files/etc/ipsec.secrets $(1)/etc/ipsec.secrets
$(INSTALL_DATA) ./files/etc/config/libreswan $(1)/etc/config/libreswan
$(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/01-user $(1)/etc/hotplug.d/libreswan/01-user
$(INSTALL_DATA) ./files/etc/hotplug.d/libreswan/02-vti $(1)/etc/hotplug.d/libreswan/02-vti
$(INSTALL_DATA) ./files/etc/hotplug.d/iface/89-libreswan $(1)/etc/hotplug.d/iface/89-libreswan
endef
define Package/libreswan-nftables
$(Package/libreswan/default)
TITLE+= nftables plugin)
DEPENDS+=firewall4 +libreswan +kmod-nft-xfrm +nftables \
+kmod-nfnetlink-log
endef
define Package/libreswan-nftables/description
Provides Libreswan nftables plugin for adding firewall rules
endef
define Package/libreswan-nftables/install
$(INSTALL_DIR) $(1)/etc/hotplug.d/libreswan \
$(1)/usr/share/nftables.d/ruleset-post
$(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d
$(CP) ./files/etc/hotplug.d/libreswan/62-nftables $(1)/etc/hotplug.d/libreswan/62-nftables
$(LN) /tmp/libreswan/firewall.d/libreswan.rules $(1)/usr/share/nftables.d/ruleset-post/10_libreswan.nft
endef
define Package/libreswan-iptables
$(Package/libreswan/default)
TITLE+= iptables plugin)
DEPENDS+=firewall +libreswan +iptables-mod-ipsec +kmod-ipt-ipsec \
+iptables-zz-legacy +IPV6:ip6tables-zz-legacy \
+kmod-ipt-nflog +iptables-mod-nflog
endef
define Package/libreswan-iptables/description
Provides Libreswan iptables plugin for adding firewall rules
endef
define Package/libreswan-iptables/install
$(INSTALL_DIR) $(1)/etc \
$(1)/etc/uci-defaults \
$(1)/etc/hotplug.d/libreswan
$(CP) ./files/etc/hotplug.d/libreswan/61-iptables $(1)/etc/hotplug.d/libreswan/61-iptables
$(CP) ./files/etc/uci-defaults/091-libreswan $(1)/etc/uci-defaults/091-libreswan
$(INSTALL_BIN) ./files/etc/libreswan_firewall.sh $(1)/etc/libreswan_firewall.sh
endef
define Package/libreswan-iptables/postinst
#!/bin/sh
[ -n "$$IPKG_INSTROOT" ] || {
/etc/init.d/firewall reload
}
endef
$(eval $(call BuildPackage,libreswan))
$(eval $(call BuildPackage,libreswan-nftables))
$(eval $(call BuildPackage,libreswan-iptables))
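Review bot: Package/libreswan/install places `/etc/config/libreswan` and `/etc/ipsec.secrets` with `$(INSTALL_DATA)`, which in the OpenWrt build rules is mode 0644, although the shipped UCI template carries an `option psk` field. Files meant to hold pre-shared keys should go in with `$(INSTALL_CONF)`, e.g. `$(INSTALL_CONF) ./files/etc/config/libreswan $(1)/etc/config/libreswan`. Separately, `TITLE+= nftables plugin)` and `TITLE+= iptables plugin)` end in a stray `)` that will appear in the package title.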


@ -0,0 +1,41 @@
config libreswan 'globals'
option debug '0' # set debug mode none/all
list virtual_private '10.0.0.0/8'
list virtual_private '192.168.0.0/16'
list virtual_private '172.16.0.0/12'
list virtual_private '25.0.0.0/8'
list virtual_private '100.64.0.0/10'
list virtual_private '!100.64.0.0/24' # the address ranges that may live behind a NAT router through which a client connects
# option listen '192.168.2.100' # listening address, if set listen_interface would not be used
# option listen_interface 'wan' # listening interface
# option uniqueids 'yes' # yes/no
# config crypto_proposal 'p1'
# list encryption_algorithm '3des' # possible values: 3des, aes, aes_ctr, aes_cbc, aes128, aes192, aes256, camellia_cbc
# list hash_algorithm 'md5' # possible values: md5, sha1, sha256, sha384, sha512
# list dh_group 'modp1536' # possible values: modp1536, modp2048, modp3072, modp4096, modp6144, modp8192, dh19, dh20, dh21, dh22, dh31
# config tunnel 'vti2_1_5'
# option left '192.168.1.1'
# option left_interface 'wan' # interface ipaddr to be used as left
# option leftid '@left' # local id
# option right '192.168.2.201' # remote endpoint public ip
# option rightid '@62dd3e3f82339b002405245b' # rightid
# option auto 'start' # what operation, should be done automatically at IPsec startup
# option authby 'secret' # how the two security gateways should authenticate each other
# option psk 'AyG9RlTtQJIUxgxG' # preshare key
# option ikev2 '1' # ike version
# option ikelifetime '8h'
# option rekey '1'
# option rekeymargin '9m'
# option dpdaction 'restart'
# option dpddelay '30'
# option dpdtimeout '150'
# option interface 'vti2_1_5' # only for route based tunnels
# list leftsubnets '0.0.0.0/0'
# list rightsubnets '0.0.0.0/0'
# option phase2 'esp' # phase2 protocol
# list ike 'p1' # list of crypto_proposal (phase1 proposals)
# list phase2ag 'p1' # list of crypto_proposal (phase2 proposals')
# option nflog '0' # enable nflog
# option update_peeraddr '1' # auto update vti interface ppeeradd in /etc/config/network
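Review bot: The commented example pairs `3des`, `md5` and `modp1536` in crypto_proposal 'p1' and ships a literal-looking `option psk 'AyG9RlTtQJIUxgxG'`, so anyone who simply uncomments the block gets a weak proposal and a key that is public in the package. Build the example from the stronger values already listed in the comments, e.g. `list encryption_algorithm 'aes256'`, `list hash_algorithm 'sha256'`, `list dh_group 'modp2048'`, and use an obvious placeholder such as `option psk 'REPLACE_WITH_RANDOM_SECRET'`. The example line `list phase2ag 'p1'` probably also wants to be `phase2alg`, which is the list name the init script iterates over.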


@ -0,0 +1,11 @@
#!/bin/sh
[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
/etc/init.d/ipsec running || exit 0
uci show libreswan | grep -i "='$INTERFACE'$" || exit 0
logger -t libreswan "Restart libreswan due to $ACTION of $INTERFACE ($DEVICE)"
/etc/init.d/ipsec restart


@ -0,0 +1,220 @@
#!/bin/sh
# Things that this script gets (from ipsec_pluto(8) man page)
#
# PLUTO_VERB
# specifies the name of the operation to be performed
# (prepare-host, prepare-client, up-host, up-client,
# down-host, or down-client). If the address family
# for security gateway to security gateway
# communications is IPv6, then a suffix of -v6 is added
# to the verb.
#
# PLUTO_CONNECTION
# is the name of the connection for which we are
# routing.
#
# PLUTO_CONNECTION_TYPE
# is type of the connection, "tunnel" or "transport".
#
# PLUTO_CONN_POLICY
# the policy of the connection, as in:
# RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC
# +failureDROP+lKOD+rKOD
#
# CAT=YES|
# if client address translation inside IPsec stack is enabled
#
# PLUTO_NEXT_HOP
# is the next hop to which packets bound for the peer
# must be sent.
#
# PLUTO_INTERFACE
# is the name of the real interface used by encrypted traffic and IKE traffic
#
# PLUTO_ME
# is the IP address of our host.
#
# PLUTO_MY_ID
# is our ID.
#
# PLUTO_METRIC
# is the metric to set for the route
#
# PLUTO_MTU
# is the mtu to set for the route
#
# PLUTO_ADD_TIME
# Time the IPsec SA was added to the kernel
#
# PLUTO_MOBIKE_EVENT
# wether the connection is underdoing MOBIKE migration
#
# PLUTO_MY_CLIENT
# is the IP address / count of our client subnet. If
# the client is just the host, this will be the
# host's own IP address / mask (where max is 32 for
# IPv4 and 128 for IPv6).
#
# PLUTO_MY_CLIENT_NET
# is the IP address of our client net. If the client
# is just the host, this will be the host's own IP
# address.
#
# PLUTO_MY_CLIENT_MASK
# is the mask for our client net. If the client is
# just the host, this will be 255.255.255.255.
#
# PLUTO_MY_SOURCEIP
# if non-empty, then the source address for the route will be
# set to this IP address.
#
# PLUTO_MY_PROTOCOL
# is the protocol for this connection. Useful for
# firewalling.
#
# PLUTO_MY_PORT
# is the port. Useful for firewalling.
#
# PLUTO_PEER
# is the IP address of our peer.
#
# PLUTO_PEER_ID
# is the ID of our peer.
#
# PLUTO_PEER_CLIENT
# is the IP address / count of the peer's client subnet.
# If the client is just the peer, this will be
# the peer's own IP address / mask (where max is 32
# for IPv4 and 128 for IPv6).
#
# PLUTO_PEER_CLIENT_NET
# is the IP address of the peer's client net. If the
# client is just the peer, this will be the peer's
# own IP address.
#
# PLUTO_PEER_CLIENT_MASK
# is the mask for the peer's client net. If the
# client is just the peer, this will be
# 255.255.255.255.
#
# PLUTO_PEER_PROTOCOL
# is the protocol set for remote end with port
# selector.
#
# PLUTO_PEER_PORT
# is the peer's port. Useful for firewalling.
#
# PLUTO_PEER_CA
# is the DN of the peer's CA that signed its certificate
#
# PLUTO_CFG_CLIENT=0|1
# is MODECFG or IKEv2 Config client.
#
# PLUTO_CFG_SERVER=0|1
# is MODECFG or IKEv2 Config server.
#
# PLUTO_PEER_DNS_INFO
# The peer's supplied DNS information (IKEv1 and IKEv2)
#
# PLUTO_PEER_DOMAIN_INFO
# The peer's supplied domain list for local resolving (IKEv2 only)
#
# PLUTO_PEER_BANNER
# is the peer's provided banner
#
# PLUTO_NM_CONFIGURED=0|1
# is NetworkManager used for resolv.conf update
#
# PLUTO_CONN_ADDRFAMILY
# is the family type, "ipv4" or "ipv6"
#
# PLUTO_CONN_KIND
# is the "kind" of connection (CK_PERMANENT, CK_INSTANCE, etc)
#
# PLUTO_STACK
# is the local IPsec kernel stack used, eg XFRM, BSDKAME, NOSTACK
#
# PLUTO_IS_PEER_CISCO=0|1
# remote server type is cisco. Add support for cisco extensions
# when used with xauth.
#
# PLUTO_SA_REQID
# When using KAME or XFRM, the IPsec SA reqid base value.
# ESP/AH out is base, ESP/AH in = base + 1
# IPCOMP is base + 2 plus for inbound + 1
#
# PLUTO_XFRMI_FWMARK
# use outgoing mark
#
# PLUTO_SA_TYPE
# The type of IPsec SA (ESP or AH)
#
# PLUTO_USERNAME
# The username (XAUTH or GSSAPI) that was authenticated (if any)
# for this SA
#
# PLUTO_VIRT_INTERFACE
# is the name of ipsec interface used by clear traffic in/out
#
# INTERFACE_IP
# The IP to configure / expect on the interface? Currently is never set
#
# PLUTO_XFRM_ROUTE
# if an XFRM (ipsec-device) has been specified, value will be "yes"
#
# XAUTH_FAILED
# If xauthfail=soft this will be set to 1 if XAUTH authentication
# failed. If xauthfail=hard, the updown scripts never run.
#
# CONNMARK
# If mark= is set on the connection, this variable will be
# set with the value. It can be used for iptables or VTI.
#
# CONNMARK_IN
# the incoming mark to use
#
# CONNMARK_OUT
# the outgoing mark to use
#
# VTI_IFACE=iface
# Name of VTI interface to create
#
# VTI_ROUTING=yes|no
# Whether or not to perform ip rule and ip route commands
# covering the IPsec SA address ranges to route those packets
# into the VTI_IFACE interface. This should be enabled unless
# the IPsec SA covers 0.0.0.0/0 <-> 0.0.0.0/0
#
# VTI_SHARED=yes|no
# Whether or not more conns (or instances) share a VTI device.
# If not shared, the VTI device is deleted when tunnel goes down.
#
# VTI_IP
# The IP to configure on the VTI device
#
# SPI_IN / SPI_OUT
# The inbound and outbound SPI's of the connection.
#
# PLUTO_INBYTES
# total bytes received
#
# PLUTO_OUTBYTES
# total bytes sent
#
# NFLOG
# is the nflog group to use
#
case "${PLUTO_VERB}" in
prepare-host|prepare-host-v6) ;;
prepare-client|prepare-client-v6) ;;
route-host|route-host-v6) ;;
unroute-host|unroute-host-v6) ;;
route-client|route-client-v6) ;;
unroute-client|unroute-client-v6) ;;
up-host|up-host-v6) ;;
down-host|down-host-v6) ;;
up-client|up-client-v6) ;;
down-client|down-client-v6) ;;
esac


@ -0,0 +1,7 @@
#!/bin/sh
[ -e "/etc/ipsec.user" ] && {
. /etc/ipsec.user
}
exit 0


@ -0,0 +1,24 @@
#!/bin/sh
. /lib/functions.sh
[ "${PLUTO_VERB}" != "route-client" ] && [ "${PLUTO_VERB}" != "up-client" ] && exit 0
CONNECTION=${PLUTO_CONNECTION%/*}
[ -z "$CONNECTION" ] && exit 0
update_peeraddr=$(uci_get libreswan $CONNECTION update_peeraddr)
[ "$update_peeraddr" != "1" ] && exit 0
interface=$(uci_get libreswan $CONNECTION interface)
[ -z "$interface" ] && exit 0
proto=$(uci_get network "$interface" proto)
[ "$proto" != "vti" ] && exit 0
peeraddr=$(uci_get network "$interface" peeraddr)
[ "$peeraddr" == "$PLUTO_PEER" ] && exit 0
uci_set network "$interface" peeraddr "$PLUTO_PEER"
uci_commit network
ifup "$interface"
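Review bot: `uci_get libreswan $CONNECTION update_peeraddr` and `uci_get libreswan $CONNECTION interface` pass the connection name unquoted, so a name containing whitespace or glob characters is word-split before it reaches uci_get; quote it as `"$CONNECTION"` like the other arguments in this script. The comparison `[ "$peeraddr" == "$PLUTO_PEER" ]` uses `==`, which is not POSIX `test` syntax under `#!/bin/sh`; `=` is the portable form. Because the script commits `$PLUTO_PEER` into /etc/config/network, a one-line comment saying that the value comes from pluto's environment and is expected to be a bare address would help the next reader.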


@ -0,0 +1,76 @@
#!/bin/sh
. /lib/functions.sh
FW4="$(command -v fw4)"
[ -n "$FW4" ] && exit 0
CONNECTION="${PLUTO_CONNECTION//\//_}"
[ -z "$CONNECTION" ] && exit 0
IPT_LEGACY="$(command -v iptables-legacy)"
IPT="$(command -v iptables)"
BIN="${IPT_LEGACY:-$IPT}"
[ -z "$BIN" ] && exit 0
LIBRESWAN_INPUT="libreswan_input"
LIBRESWAN_FORWARD="libreswan_forward"
LIBRESWAN_OUTPUT="libreswan_output"
LIBRESWAN_NFLOG_INPUT="libreswan_nflog_input"
LIBRESWAN_NFLOG_OUTPUT="libreswan_nflog_output"
LIBRESWAN_POSTROUTING="libreswan_postrouting"
FW_DIR="/tmp/libreswan/firewall.d"
LIBRESWAN_RULES_FILE="$FW_DIR/libreswan.rules"
RULES_DIR="$FW_DIR/rules"
IPV4_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv4.rules"
IPV6_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv6.rules"
reload_firewall() {
[ ! -d "$RULES_DIR" ] && return 0
cat $RULES_DIR/*.rules > "$LIBRESWAN_RULES_FILE" 2>/dev/null
/etc/init.d/firewall reload
}
up_rules() {
[ -z "$PLUTO_PEER_CLIENT" ] && return 0
[ ! -d "$RULES_DIR" ] && mkdir -p "$RULES_DIR"
[ "$PLUTO_PEER_CLIENT" = "0.0.0.0/0" ] && [ "$PLUTO_MY_CLIENT" = "0.0.0.0/0" ] && return 0
cat << EOF > $IPV4_RULES_FILE
$BIN -t filter -A $LIBRESWAN_INPUT -m policy --dir in --pol ipsec -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
$BIN -t filter -A $LIBRESWAN_FORWARD -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
$BIN -t filter -A $LIBRESWAN_OUTPUT -m policy --dir out --pol ipsec -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
$BIN -t nat -A $LIBRESWAN_POSTROUTING -m policy --dir out --pol ipsec -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT -m comment --comment "$PLUTO_CONNECTION" -j ACCEPT
EOF
if [ -n "$NFLOG" ]; then
cat << EOF > $IPV4_RULES_FILE
$BIN -t filter -A $LIBRESWAN_NFLOG_INPUT -m policy --dir in --pol ipsec -s $PLUTO_PEER_CLIENT -d $PLUTO_MY_CLIENT -j NFLOG --nflog-group $NFLOG --nflog-prefix $PLUTO_CONNECTION
$BIN -t filter -A $LIBRESWAN_NFLOG_OUTPUT -m policy --dir out --pol ipsec -s $PLUTO_MY_CLIENT -d $PLUTO_PEER_CLIENT -j NFLOG --nflog-group $NFLOG --nflog-prefix $PLUTO_CONNECTION
EOF
fi
reload_firewall
return 0
}
down_rules() {
if [ -f "$IPV4_RULES_FILE" ]; then
rm -rf "$IPV4_RULES_FILE"
reload_firewall
fi
return 0
}
case "${PLUTO_VERB}" in
up-host|up-client) up_rules ;;
down-host|down-client) down_rules ;;
up-host-v6|down-host-v6) ;;
up-client|down-client-v6) ;;
esac
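Review bot: When `$NFLOG` is set, up_rules writes the NFLOG rules with a second `cat << EOF > $IPV4_RULES_FILE`, which truncates the file that was just filled with the four ACCEPT rules, so a connection with nflog enabled ends up with logging rules only. The second heredoc should append, `cat << EOF >> "$IPV4_RULES_FILE"`, and the first redirect should quote the path as well. The last case arm `up-client|down-client-v6) ;;` looks like a typo for `up-client-v6|down-client-v6`, since `up-client` is already matched two arms earlier; the nftables hook ends with the same arm. The generated lines interpolate `$PLUTO_CONNECTION` and the client subnets into text that is presumably replayed later as firewall commands, so a comment stating that these values must stay free of shell metacharacters is worth adding.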


@ -0,0 +1,87 @@
#!/bin/sh
. /lib/functions.sh
FW4="$(command -v fw4)"
[ -z "$FW4" ] && exit 0
CONNECTION="${PLUTO_CONNECTION//\//_}"
[ -z "$CONNECTION" ] && exit 0
FW_DIR="/tmp/libreswan/firewall.d"
LIBRESWAN_RULES_FILE="$FW_DIR/libreswan.rules"
RULES_DIR="$FW_DIR/rules"
IPV4_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv4.rules"
IPV6_RULES_FILE="$RULES_DIR/${CONNECTION}-ipv6.rules"
NFLOG_ALL_RULES_FILE="$RULES_DIR/nflog_all.rules"
reload_firewall() {
[ ! -d "$RULES_DIR" ] && return 0
cat $RULES_DIR/*.rules > "$LIBRESWAN_RULES_FILE" 2>/dev/null
/etc/init.d/firewall reload
}
up_rules() {
[ -z "$PLUTO_PEER_CLIENT" ] && return 0
[ ! -d "$RULES_DIR" ] && mkdir -p "$RULES_DIR"
eval $(ipsec addconn --configsetup)
if [ -n "$nflog_all" ]; then
unset NFLOG
if [ ! -f "$NFLOG_ALL_RULES_FILE" ]; then
cat << EOF > "$NFLOG_ALL_RULES_FILE"
table inet fw4 {
chain libreswan_nflog_input {
meta ipsec exists log prefix "all-ipsec" group ${nflog_all}
}
chain libreswan_nflog_output {
rt ipsec exists log prefix "all-ipsec" group ${nflog_all}
}
}
EOF
fi
else
[ -f "$NFLOG_ALL_RULES_FILE" ] && rm -f "$NFLOG_ALL_RULES_FILE"
fi
cat << EOF > $IPV4_RULES_FILE
table inet fw4 {
chain libreswan_input {
meta ipsec exists ipsec in ip saddr $PLUTO_PEER_CLIENT ip daddr $PLUTO_MY_CLIENT ${NFLOG:+log prefix \"${PLUTO_CONNECTION}\" group ${NFLOG}} accept comment "$PLUTO_CONNECTION"
}
chain libreswan_forward {
meta ipsec exists ipsec in ip saddr $PLUTO_PEER_CLIENT ip daddr $PLUTO_MY_CLIENT accept comment "$PLUTO_CONNECTION"
}
chain libreswan_output {
ipsec out ip saddr $PLUTO_MY_CLIENT ip daddr $PLUTO_PEER_CLIENT ${NFLOG:+log prefix \"${PLUTO_CONNECTION}\" group ${NFLOG}} accept comment "$PLUTO_CONNECTION"
}
chain libreswan_srcnat {
ip saddr $PLUTO_MY_CLIENT ip daddr $PLUTO_PEER_CLIENT accept comment "$PLUTO_CONNECTION"
}
}
EOF
reload_firewall
return 0
}
down_rules() {
if [ -f "$IPV4_RULES_FILE" ]; then
rm -rf "$IPV4_RULES_FILE"
reload_firewall
fi
return 0
}
case "${PLUTO_VERB}" in
up-host|up-client) up_rules ;;
down-host|down-client) down_rules ;;
up-host-v6|down-host-v6) ;;
up-client|down-client-v6) ;;
esac
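Review bot: up_rules runs `eval $(ipsec addconn --configsetup)` unquoted only to obtain `nflog_all`, so the whole command output is word-split and then evaluated inside a hook that runs on every tunnel-up event. Quote it at least, `eval "$(ipsec addconn --configsetup)"`, and add a comment naming the variable that is expected from it. `$PLUTO_CONNECTION` is placed inside double-quoted nft strings (`comment "$PLUTO_CONNECTION"`), so a connection name containing `"` would produce a ruleset fragment that fails to parse on firewall reload; the allowed characters should be documented or checked before the file is written. `cat << EOF > $IPV4_RULES_FILE` should quote the path.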


@ -0,0 +1,337 @@
#!/bin/sh /etc/rc.common
. "${IPKG_INSTROOT}/lib/functions/network.sh"
START=90
STOP=10
USE_PROCD=1
PROG="/usr/libexec/ipsec/pluto"
IPSEC_BIN="/usr/sbin/ipsec"
IPSEC_DIR="/var/run/ipsec"
IPSEC_CONF="$IPSEC_DIR/setup.conf"
IPSEC_CONF_DIR="$IPSEC_DIR/conf.d"
IPSEC_AUTO="${IPSEC_BIN} auto"
extra_command "start_tunnel" "Start ipsec tunnel"
extra_command "stop_tunnel" "Stop ipsec tunnel"
extra_command "reload_tunnel" "Reload/restart ipsec tunnel"
set_var() {
export "$1=$2"
}
get_var() {
local var
var=$(eval echo "\"\${${1}}\"")
[ "$var" = "1" ] && return 0
return 1
}
set_restart_flag() {
set_var "RESTART_IPSEC" 1
}
restart_flag() {
get_var RESTART_IPSEC
}
set_replace_flag() {
set_var "REPLACE_${1}" 1
}
replace_flag() {
get_var "REPLACE_${1}"
}
checkconfig() {
${IPSEC_BIN} addconn --checkconfig || return 1
mkdir -p /var/run/pluto
}
expand_ike() {
local id="$1"
local encryption_algorithm hash_algorithm dh_group proposal
config_get encryption_algorithm "${id}" encryption_algorithm
config_get hash_algorithm "${id}" hash_algorithm
config_get dh_group "${id}" dh_group
encryption_algorithm="${encryption_algorithm% *}"
proposal="${encryption_algorithm:+${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}${dh_group:+;${dh_group%% *}}}}"
append ike_proposal "$proposal" ","
}
expand_phase2alg() {
local id="$1"
local encryption_algorithm hash_algorithm dh_group
config_get encryption_algorithm "${id}" encryption_algorithm
config_get hash_algorithm "${id}" hash_algorithm
config_get dh_group "${id}" dh_group
phase2alg_proposal="${encryption_algorithm:+${encryption_algorithm// /+}${hash_algorithm:+-${hash_algorithm// /+}${dh_group:+-${dh_group// /+}}}}"
}
generate_tunnel_config() {
local id=$1
local config_file="$IPSEC_CONF_DIR/$id.conf"
local secret_file="$IPSEC_CONF_DIR/$id.secret"
local tmp_config_file="/tmp/$id.conf"
local tmp_secret_file="/tmp/$id.secret"
local ikey mark_in okey mark_out ifid
config_get auto "$id" auto
config_get left "$id" left
config_get left_interface "$id" left_interface
[ -n "$left_interface" ] && network_get_ipaddr left "$left_interface"
config_get right "$id" right
config_get leftid "$id" leftid "$left"
config_get rightid "$id" rightid "$right"
config_get leftsourceip "$id" leftsourceip
config_get rightsourceip "$id" rightsourceip
config_get leftsubnets "$id" leftsubnets
config_get rightsubnets "$id" rightsubnets
config_get_bool ikev2 "$id" ikev2
[ "$ikev2" = "1" ] && ikev2=yes || ikev2=no
config_get_bool rekey "$id" rekey
[ "$rekey" = "1" ] && rekey=yes || rekey=no
config_get ikelifetime "$id" ikelifetime
config_get rekeymargin "$id" rekeymargin
config_get dpdaction "$id" dpdaction
config_get dpdtimeout "$id" dpdtimeout
config_get dpddelay "$id" dpddelay
config_get phase2 "$id" phase2
config_get phase2alg "$id" phase2alg
config_get nflog "$id" nflog 0
[ "$nflog" = "0" ] && unset nflog
config_list_foreach "$id" ike expand_ike
config_list_foreach "$id" phase2alg expand_phase2alg
config_get authby "$id" authby
config_get psk "$id" psk
if [ -n "$leftsubnets" ]; then
[[ "$leftsubnets" =~ 0.0.0.0* ]] && leftsubnets="0.0.0.0/0"
leftsubnets="{${leftsubnets// /,}}"
fi
if [ -n "$rightsubnets" ]; then
[[ "$rightsubnets" =~ 0.0.0.0* ]] && rightsubnets="0.0.0.0/0"
rightsubnets="{${rightsubnets// /,}}"
fi
config_get interface "$id" interface
cat << EOF > "$tmp_secret_file"
$leftid $rightid : PSK "$psk"
EOF
cat << EOF > "$tmp_config_file"
conn $id
auto=${auto}
authby=${authby}
ikev2=${ikev2}
left=${left%% *}
${leftid:+leftid=${leftid}}
${leftsourceip:+leftsourceip=${leftsourceip}}
${leftsubnets:+leftsubnets=${leftsubnets}}
right=${right%% *}
${rightid:+rightid=${rightid}}
${rightsourceip:+rightsourceip=${rightsourceip}}
${rightsubnets:+rightsubnets=${rightsubnets}}
${dpdaction:+dpdaction=${dpdaction}}
${dpdtimeout:+dpdtimeout=${dpdtimeout}}
${dpddelay:+dpddelay=${dpddelay}}
${ikelifetime:+ikelifetime=${ikelifetime}}
${rekey:+rekey=${rekey}}
${rekeymargin:+rekeymargin=${rekeymargin}}
${rekeyfuzz:+rekeyfuzz=${rekeyfuzz}}
${phase2:+phase2=${phase2}}
${ike_proposal:+ike=${ike_proposal}}
${phase2alg_proposal:+phase2alg=${phase2alg_proposal}}
${nflog:+nflog=${nflog}}
EOF
if [ -n "$interface" ]; then
proto=$(uci_get network "$interface" proto)
case "$proto" in
vti)
ikey=$(uci_get network "$interface" ikey)
okey=$(uci_get network "$interface" okey)
mark_in=$(printf "0x%x" $ikey)
mark_out=$(printf "0x%x" $okey)
echo -e "${mark_in:+\tmark-in=${mark_in}}" >> "$tmp_config_file"
echo -e "${mark_out:+\tmark-out=${mark_out}}" >> "$tmp_config_file"
echo -e "${interface:+\tvti-interface=${interface}}" >> "$tmp_config_file"
;;
xfrm)
ifid=$(uci_get network "$interface" ifid)
echo -e "${ifid:+\tipsec-interface=${ifid}}" >> "$tmp_config_file"
;;
esac
fi
[ -f "$config_file" ] && {
cmp "$config_file" "$tmp_config_file" 2>/dev/null && rm -f "$tmp_config_file"
}
[ -f "$secret_file" ] && {
cmp "$secret_file" "$tmp_secret_file" 2>/dev/null && rm -f "$tmp_secret_file"
}
[ -f "$tmp_config_file" ] && mv "$tmp_config_file" "$config_file" && set_replace_flag "$id"
[ -f "$tmp_secret_file" ] && mv "$tmp_secret_file" "$secret_file" && set_replace_flag "$id"
unset ike_proposal phase2alg_proposal
}
generate_daemon_config() {
local tmp_config_file="/tmp/setup.conf"
config_get_bool debug globals debug 0
[ "$debug" = "0" ] && debug=none || debug=all
config_get_bool uniqueids globals uniqueids 0
[ "$uniqueids" = "0" ] && uniqueids=no || uniqueids=yes
config_get listen globals listen
config_get listen_interface globals listen_interface
[ -n "$listen_interface" ] && network_get_ipaddr listen "$listen_interface"
config_get virtual_private globals virtual_private
[ -z "$virtual_private" ] && virtual_private='10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 25.0.0.0/8 100.64.0.0/10 !100.64.0.0/24'
config_get nflog_all globals nflog_all 0
[ "$nflog_all" = "0" ] && unset nflog_all
[ ! -d $IPSEC_DIR ] && mkdir -p $IPSEC_DIR
[ ! -d $IPSEC_CONF_DIR ] && mkdir -p $IPSEC_CONF_DIR
cat << EOF > "$tmp_config_file"
config setup
${debug:+plutodebug=${debug}}
${uniqueids:+uniqueids=${uniqueids}}
${listen:+listen=${listen}}
${virtual_private:+virtual-private=%v4:${virtual_private// /,%v4:}}
${nflog_all:+nflog-all=${nflog_all}}
EOF
if ! cmp "$IPSEC_CONF" "$tmp_config_file" 2>/dev/null; then
mv "$tmp_config_file" "$IPSEC_CONF"
set_restart_flag 1
else
rm -f "$tmp_config_file"
fi
return 0
}
clean_config() {
rm -f $IPSEC_CONF_DIR/*.conf $IPSEC_CONF_DIR/*.secret
}
config_cb() {
local var="CONFIG_${1}_SECTIONS"
export $var
append "$var" "$2"
}
generate_config() {
config_load libreswan
generate_daemon_config
config_foreach generate_tunnel_config tunnel
}
regenerate_config() {
clean_config
generate_config
}
active_conns() {
local active_conns file _file
active_conns=$(${IPSEC_BIN} --trafficstatus | awk -F'[":/]' '{print $3}' | sort -u)
for file in $IPSEC_CONF_DIR/*.conf; do
_file="${file##*/}"
list_contains active_conns "${_file%%.*}" || append active_conns "${_file%%.*}"
done
echo "$active_conns"
}
start_service() {
generate_config
checkconfig || return 1
${IPSEC_BIN} _stackmanager start
procd_open_instance
procd_set_param command $PROG --nofork
procd_set_param respawn
procd_close_instance
}
stop_service() {
${IPSEC_BIN} whack --shutdown
${IPSEC_BIN} _stackmanager stop
}
stop_tunnel() {
${IPSEC_AUTO} --delete "$1" > /dev/null 2>&1
rm -f ${IPSEC_CONF_DIR}/$1.*
}
start_tunnel() {
generate_tunnel_config "$1"
${IPSEC_AUTO} --add "$1" > /dev/null 2>&1
${IPSEC_AUTO} --rereadsecrets
${IPSEC_AUTO} --up "$1" > /dev/null 2>&1 &
}
reload_tunnel() {
generate_tunnel_config "$1"
replace_flag "$1" || return 0
${IPSEC_AUTO} --rereadsecrets
${IPSEC_AUTO} --replace "$1" > /dev/null 2>&1
${IPSEC_AUTO} --up "$1" > /dev/null 2>&1 &
}
reload_service() {
local active_tunnels uci_tunnels
uci_tunnels="$@"
config_load libreswan
generate_daemon_config
if restart_flag; then
restart
return 0
fi
[ -z "$uci_tunnels" ] && config_get uci_tunnels tunnel SECTIONS
active_tunnels="$(active_conns)"
for tunnel in $active_tunnels; do
list_contains uci_tunnels "$tunnel" || stop_tunnel "$tunnel"
done
for tunnel in $uci_tunnels; do
if list_contains active_tunnels "$tunnel"; then
reload_tunnel "$tunnel"
else
start_tunnel "$tunnel"
fi
done
}
service_triggers() {
procd_add_reload_trigger 'libreswan'
}


@ -0,0 +1,3 @@
include /var/run/ipsec/setup.conf
include /var/run/ipsec/conf.d/*.conf
include /etc/ipsec.d/*.conf


@ -0,0 +1,2 @@
include /var/run/ipsec/conf.d/*.secret
include /etc/ipsec.d/*.secrets


@ -0,0 +1,90 @@
#!/bin/sh
FW4="$(command -v fw4)"
[ -n "$FW4" ] && exit 0
IPT_LEGACY="$(command -v iptables-legacy)"
IPT="$(command -v iptables)"
BIN="${IPT_LEGACY:-$IPT}"
[ -z "$BIN" ] && exit 0
LIBRESWAN_INPUT="libreswan_input"
LIBRESWAN_FORWARD="libreswan_forward"
LIBRESWAN_OUTPUT="libreswan_output"
LIBRESWAN_NFLOG_INPUT="libreswan_nflog_input"
LIBRESWAN_NFLOG_OUTPUT="libreswan_nflog_output"
LIBRESWAN_POSTROUTING="libreswan_postrouting"
FW_DIR="/tmp/libreswan/firewall.d"
LIBRESWAN_RULES_FILE="$FW_DIR/libreswan.rules"
flush_delete_chain() {
[ $# -lt 2 ] && return
$BIN -t $1 -nL $2 > /dev/null 2>&1 || return
$BIN -t $1 -F $2
$BIN -t $1 -X $2
}
cleanup_libreswan_rules() {
$BIN -t filter -C input_rule -j $LIBRESWAN_INPUT > /dev/null 2>&1
[ $? -eq 0 ] && $BIN -t filter -D input_rule -j $LIBRESWAN_INPUT
$BIN -t filter -C output_rule -j $LIBRESWAN_OUTPUT > /dev/null 2>&1
[ $? -eq 0 ] && $BIN -t filter -D output_rule -j $LIBRESWAN_OUTPUT
$BIN -t filter -C forwarding_rule -j $LIBRESWAN_FORWARD > /dev/null 2>&1
[ $? -eq 0 ] && $BIN -t filter -D forwarding_rule -j $LIBRESWAN_FORWARD
$BIN -t nat -C postrouting_rule -j $LIBRESWAN_POSTROUTING > /dev/null 2>&1
[ $? -eq 0 ] && $BIN -t nat -D postrouting_rule -j $LIBRESWAN_POSTROUTING
flush_delete_chain filter $LIBRESWAN_NFLOG_INPUT
flush_delete_chain filter $LIBRESWAN_INPUT
flush_delete_chain filter $LIBRESWAN_FORWARD
flush_delete_chain filter $LIBRESWAN_NFLOG_OUTPUT
flush_delete_chain filter $LIBRESWAN_OUTPUT
flush_delete_chain filter $LIBRESWAN_NFLOG_INPUT
flush_delete_chain filter $LIBRESWAN_NFLOG_OUTPUT
flush_delete_chain nat $LIBRESWAN_POSTROUTING
}
create_chain_jump() {
[ $# -lt 3 ] && return
local table=$1
local chain=$2
local base_chain=$3
$BIN -t $table -N $chain
$BIN -t $table -C $base_chain -j $chain
[ $? -ne 0 ] && $BIN -t $table -I $base_chain -j $chain
$BIN -t $table -F $chain
}
if ! /etc/init.d/ipsec running; then
cleanup_libreswan_rules
exit 0
fi
eval $(ipsec addconn --configsetup)
create_chain_jump filter "$LIBRESWAN_INPUT" "insert_rule"
create_chain_jump filter "$LIBRESWAN_FORWARD" "forwarding_rule"
create_chain_jump filter "$LIBRESWAN_OUTPUT" "output_rule"
create_chain_jump filter "$LIBRESWAN_NFLOG_INPUT" "$LIBRESWAN_INPUT"
create_chain_jump filter "$LIBRESWAN_NFLOG_OUTPUT" "$LIBRESWAN_OUTPUT"
create_chain_jump nat "$LIBRESWAN_POSTROUTING" "postrouting_rule"
[ ! -f $LIBRESWAN_RULES_FILE ] && exit 0
if [ -n "$nflog_all" ]; then
sed -i -e '/NFLOG/d' "$LIBRESWAN_RULES_FILE"
$BIN -t filter -I $LIBRESWAN_NFLOG_INPUT -m policy --dir in --pol ipsec -j NFLOG --nflog-group ${nflog_all} --nflog-prefix all-ipsec
$BIN -t filter -I $LIBRESWAN_NFLOG_OUTPUT -m policy --dir out --pol ipsec -j NFLOG --nflog-group ${nflog_all} --nflog-prefix all-ipsec
fi
sh $LIBRESWAN_RULES_FILE
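Review bot: The input chain is hooked with `create_chain_jump filter "$LIBRESWAN_INPUT" "insert_rule"`, while `cleanup_libreswan_rules` checks and deletes the jump from `input_rule`. The name looks like a typo; if it is, the `-C`/`-I` calls in `create_chain_jump` target a base chain that may not exist, and the libreswan input rules are never attached to the firewall's input path. I would change the third argument to `"input_rule"`. Separately, `eval $(ipsec addconn --configsetup)` is unquoted, so the output is word-split and glob-expanded before it is evaluated, presumably as root in the firewall include context. `eval "$(ipsec addconn --configsetup)"` keeps the text intact, and since only `nflog_all` is read afterwards, extracting that one value would avoid evaluating the whole setup dump.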


@ -0,0 +1,8 @@
#!/bin/sh
. /lib/functions.sh
uci_add firewall include libreswan
uci_set firewall libreswan path '/etc/libreswan_firewall.sh'
uci_set firewall libreswan reload 1
uci_commit firewall


@ -1,25 +0,0 @@
config setup
# needed when using PSK only. Not needed for X.509 based servers
uniqueids=no
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v4:!100.64.0.0/24
conn ikev1
authby=secret
pfs=no
auto=add
rekey=no
left=%defaultroute
right=%any
ikev2=never
type=transport
leftprotoport=17/1701
rightprotoport=17/%any
dpddelay=15
dpdtimeout=30
dpdaction=clear
conn ikev1-nat
also=ikev1
rightsubnet=vhost:%priv
# include /etc/ipsec.d/*.conf


@ -1,36 +0,0 @@
#!/bin/sh /etc/rc.common
START=90
STOP=10
USE_PROCD=1
PROG="/usr/libexec/ipsec/pluto"
IPSEC_SECRETS=/etc/ipsec.secrets
IPSEC_CONF=/etc/ipsec.conf
IPSEC_BIN=/usr/sbin/ipsec
checkconfig() {
${IPSEC_BIN} addconn --checkconfig || return 1
mkdir -p /var/run/pluto
}
start_service() {
checkconfig || return 1
ipsec _stackmanager start
# Enable nflog if configured
ipsec --checknflog > /dev/null
procd_open_instance
procd_set_param command $PROG --config ${IPSEC_CONF} --nofork --secretsfile ${IPSEC_SECRETS}
procd_set_param respawn
procd_close_instance
}
stop_service() {
ipsec whack --shutdown
ipsec _stackmanager stop
ipsec --stopnflog > /dev/null
}


@ -1,10 +0,0 @@
# Unlike older openswan, this file does NOT contain any X.509 related
# information such as private key :RSA statements as these now reside
# in the NSS database. See:
#
# https://libreswan.org/wiki/Using_NSS_with_libreswan
# https://libreswan.org/wiki/Migrating_from_Openswan
# A.B.C.D %any : PSK "SsEeCcRrEeTt"
: PSK "SsEeCcRrEeTt"
# include /etc/ipsec.d/*.secrets


@ -0,0 +1,3 @@
#!/bin/sh
/sbin/hotplug-call libreswan


@ -0,0 +1,183 @@
#!/bin/sh
. /lib/functions.sh
. /usr/share/libubox/jshn.sh
RPC_SCRIPTS=/usr/libexec/libreswan/rpc
[ -d $RPC_SCRIPTS ] && include $RPC_SCRIPTS
IPSEC_TRAFFIC_STATES="/tmp/ipsec_traffic.$$"
IPSEC_TUNNEL_STATUS="/tmp/ipsec_status.$$"
__function__() {
type "$1" > /dev/null 2>&1
}
foreach_extra() {
local file obj
[ ! -d $RPC_SCRIPTS ] && return
for file in $RPC_SCRIPTS/*; do
obj="${file##*/}"
$1 "${obj%%.*}"
done
}
get_index() {
[ $# -lt 2 ] && return 1
local var=$1
local str=$2
local ele
local i=1
eval "val=\"\${$var}\""
for ele in ${val}; do
if [[ "$ele" = "$str" ]]; then
echo "$i"
return 0
fi
i="$((i+1))"
done
return 1
}
phase1_established() {
grep -q "\"${1%/*}\/.*(IKE SA established)\|\"${1%/*}\/.*(established IKE SA)" "$IPSEC_TUNNEL_STATUS"
}
phase2_established() {
grep -q "\"$1\".*(IPsec SA established)\|\"$1\".*(established Child SA)" "$IPSEC_TUNNEL_STATUS"
}
add_tunnel_object() {
local id="$1"
local leftsubnets rightsubnets right ctime active_right
local phase1=0 phase2=0 add_time inBytes outBytes
config_get right "$id" right
config_get leftsubnets "$id" leftsubnets
config_get rightsubnets "$id" rightsubnets
if [ -z "$right" ] || [ "$right" = "%any" ] || [ "$right" == "0.0.0.0" ]; then
active_right=$(awk -F'[: ]' '{ if ( $4 ~ "'"$id/"'") {print $5; exit 0};}' "$IPSEC_TUNNEL_STATUS")
fi
for lsubnet in $leftsubnets; do
lidx=$(get_index leftsubnets $lsubnet)
for rsubnet in $rightsubnets; do
ridx=$(get_index rightsubnets $rsubnet)
tid="${id}/${lidx}x${ridx}"
eval $(awk -F, '{if ($1 ~ "'"$tid"'" ) {printf("%s %s %s", $3, $4, $5)};}' "$IPSEC_TRAFFIC_STATES")
json_add_object tunnels
json_add_string name "$id"
json_add_string right "$right${active_right:+ (${active_right})}"
json_add_string leftsubnet "$lsubnet"
json_add_string rightsubnet "$rsubnet"
json_add_int tx "$outBytes"
json_add_int rx "$inBytes"
phase1_established "$tid" && phase1=1
phase2_established "$tid" && phase2=1
json_add_boolean phase1 "$phase1"
json_add_boolean phase2 "$phase2"
if [ "$phase1" = "1" ] && [ "$phase2" = "1" ]; then
ctime="$(date +%s)"
json_add_boolean connected 1
json_add_int uptime "$((ctime - add_time))"
else
json_add_boolean connected 0
json_add_int uptime 0
fi
json_close_object
done
done
}
generate_libreswan_states() {
ipsec trafficstatus > "$IPSEC_TRAFFIC_STATES"
ipsec status > "$IPSEC_TUNNEL_STATUS"
}
clean_libreswan_states() {
return
rm -f "$IPSEC_TRAFFIC_STATES" "$IPSEC_TUNNEL_STATUS"
}
libreswan_status() {
config_load libreswan
generate_libreswan_states
json_init
json_add_array tunnels
config_foreach add_tunnel_object tunnel
json_close_array
json_dump
clean_libreswan_states
}
call_extra() {
if __function__ "$1"; then
$1
else
json_init
json_add_string error "invalid call $1"
json_dump
fi
}
call_method() {
case "$1" in
status)
libreswan_status
;;
*)
call_extra $1
;;
esac
}
list_extra() {
if __function__ "${1}_help"; then
${1}_help
else
json_add_object "$1"
json_close_object
fi
}
list_methods() {
local file
json_init
json_add_object status
json_close_object
foreach_extra list_extra ${1}
json_dump
}
main () {
case "$1" in
list)
list_methods
;;
call)
call_method $2
;;
esac
}
main "$@"
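Review bot: `clean_libreswan_states` begins with a bare `return`, so the `rm -f "$IPSEC_TRAFFIC_STATES" "$IPSEC_TUNNEL_STATUS"` below it never runs and every `status` call leaves two PID-named dumps of `ipsec status` and `ipsec trafficstatus` output in /tmp. That looks like a leftover debugging line; dropping the `return`, or registering the `rm -f` in a `trap ... EXIT`, restores the cleanup. The names `/tmp/ipsec_traffic.$$` and `/tmp/ipsec_status.$$` are also predictable and written with a plain `>`, so `mktemp` would be the safer choice if it is available on the target. In `add_tunnel_object`, `eval $(awk ... "$IPSEC_TRAFFIC_STATES")` evaluates comma-separated fields of the daemon's output purely by position; I would assign `add_time`, `inBytes` and `outBytes` only after checking that each value is numeric, rather than evaluating the text.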


@ -0,0 +1 @@
jump libreswan_forward


@ -0,0 +1,2 @@
jump libreswan_nflog_input
jump libreswan_input


@ -0,0 +1,2 @@
jump libreswan_nflog_output
jump libreswan_output


@ -0,0 +1 @@
jump libreswan_srcnat


@ -0,0 +1,6 @@
chain libreswan_input {}
chain libreswan_nflog_input {}
chain libreswan_forward {}
chain libreswan_output {}
chain libreswan_nflog_output {}
chain libreswan_srcnat {}


@ -8,16 +8,16 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.72
PKG_VERSION:=1.4.73
PKG_RELEASE:=1
# release candidate ~rcX testing; remove for release
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
PKG_HASH:=f7cade4d69b754a0748c01463c33cd8b456ca9cc03bb09e85a71bcbcd54e55ec
PKG_HASH:=818816d0b314b0aa8728a7076513435f6d5eb227f3b61323468e1f10dbe84ca8
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_MAINTAINER:=Glenn Strauss <gstrauss@gluelogic.com>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:lighttpd:lighttpd


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=modemmanager
PKG_SOURCE_VERSION:=1.22.0
PKG_RELEASE:=3
PKG_RELEASE:=5
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git


@ -235,24 +235,20 @@ mm_report_modem_wait() {
# Cleanup interfaces
mm_cleanup_interfaces() {
local modemlist modemlength idx modeminfo modemsysfspath
local sysfs_path status
modemlist=$(mmcli --list-modems --output-keyvalue)
[ -n "${modemlist}" ] || return 0
# Do nothing if there is no sysfs cache
[ -f "${MODEMMANAGER_SYSFS_CACHE}" ] || return
modemlength=$(modemmanager_get_field "${modemlist}" "modem-list.length")
while IFS= read -r sysfs_cache_line; do
sysfs_path=$(echo "${sysfs_cache_line}" | awk '{print $1}')
status=$(echo "${sysfs_cache_line}" | awk '{print $2}')
# do nothing if no modem reported
[ -n "${modemlength}" ] && [ "${modemlength}" -ge 1 ] && {
idx=1
while [ $idx -le "$modemlength" ]; do
modempath=$(modemmanager_get_field "${modemlist}" "modem-list.value\[$idx\]")
modeminfo=$(mmcli --modem "${modempath}" --output-keyvalue)
modemsysfspath=$(modemmanager_get_field "${modeminfo}" "modem.generic.device")
mm_cleanup_interface_by_sysfspath "${modemsysfspath}"
idx=$((idx + 1))
done
}
if [ "${status}" = "processed" ]; then
mm_log "debug" "call cleanup for: ${sysfs_path}"
mm_cleanup_interface_by_sysfspath "${sysfs_path}"
fi
done < ${MODEMMANAGER_SYSFS_CACHE}
}
mm_cleanup_interface_by_sysfspath() {
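Review bot: In the rewritten `mm_cleanup_interfaces` loop, `sysfs_cache_line` is not in the `local` list, so it leaks into the caller's scope, and each cache line is parsed by two separate `echo | awk` pipelines. `while read -r sysfs_path status _; do` would split the two fields directly and make the extra variable unnecessary. The redirect should also be quoted, `done < "${MODEMMANAGER_SYSFS_CACHE}"`, so a path containing whitespace cannot break it. Which lines are old and which are new is inferred from the hunk counts, because the +/- column is missing on this page, and `mm_cleanup_interface_by_sysfspath` continues outside the hunk.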


@ -6,13 +6,6 @@ START=70
LOG_LEVEL="INFO"
stop_service() {
# Load common utils
. /usr/share/ModemManager/modemmanager.common
# Set all configured interfaces as unavailable
mm_cleanup_interfaces
}
start_service() {
# Setup ModemManager service
#


@ -20,7 +20,6 @@ main() {
mkdir -p "${MODEMMANAGER_RUNDIR}"
chmod 0755 "${MODEMMANAGER_RUNDIR}"
mm_cleanup_interfaces
/usr/sbin/ModemManager "$@" 1>/dev/null 2>/dev/null &
CHILD="$!"
@ -28,6 +27,9 @@ main() {
mm_report_events_from_cache
wait "$CHILD"
# Set all configured interfaces as unavailable
mm_cleanup_interfaces
}
main "$@"


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=sing-box
PKG_VERSION:=1.5.4
PKG_VERSION:=1.6.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=3238492e21246b56ef80e99f321c26ffaf9ac8877c916dce85273b61031c58b7
PKG_HASH:=3272c9ac447d009749429f38d76e9879609c0c321442c3235ba806d995c0838a
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE_FILES:=LICENSE
@ -35,7 +35,7 @@ endef
define Package/sing-box/description
Sing-box is a universal proxy platform which supports hysteria, SOCKS, Shadowsocks,
ShadowsocksR, ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
ShadowTLS, Tor, trojan, VLess, VMess, WireGuard and so on.
endef
define Package/sing-box/config
@ -77,11 +77,6 @@ define Package/sing-box/config
bool "Build with reality TLS server support, see TLS."
default y
config SINGBOX_WITH_SHADOWSOCKSR
bool "Build with ShadowsocksR support"
help
It will be marked deprecated in 1.5.0 and removed entirely in 1.6.0.
config SINGBOX_WITH_UTLS
bool "Build with uTLS support for TLS outbound"
default y
@ -106,7 +101,6 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_SINGBOX_WITH_LWIP \
CONFIG_SINGBOX_WITH_QUIC \
CONFIG_SINGBOX_WITH_REALITY_SERVER \
CONFIG_SINGBOX_WITH_SHADOWSOCKSR \
CONFIG_SINGBOX_WITH_UTLS \
CONFIG_SINGBOX_WITH_V2RAY_API \
CONFIG_SINGBOX_WITH_WIREGUARD
@ -121,7 +115,6 @@ GO_PKG_TAGS:=$(subst $(space),$(comma),$(strip \
$(if $(CONFIG_SINGBOX_WITH_GVISOR),with_gvisor) \
$(if $(CONFIG_SINGBOX_WITH_LWIP),with_lwip) \
$(if $(CONFIG_SINGBOX_WITH_QUIC),with_quic) \
$(if $(CONFIG_SINGBOX_WITH_SHADOWSOCKSR),with_shadowsocksr) \
$(if $(CONFIG_SINGBOX_WITH_REALITY_SERVER),with_reality_server) \
$(if $(CONFIG_SINGBOX_WITH_UTLS),with_utls) \
$(if $(CONFIG_SINGBOX_WITH_V2RAY_API),with_v2ray_api) \


@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=tor
PKG_VERSION:=0.4.8.4
PKG_RELEASE:=2
PKG_VERSION:=0.4.8.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://dist.torproject.org/ \
https://archive.torproject.org/tor-package-archive
PKG_HASH:=09c1ce74a25fc3b48c81ff146cbd0dd538cbbb8fe4e2964fc2fb2b192f6a1d2b
PKG_HASH:=b20d2b9c74db28a00c07f090ee5b0241b2b684f3afdecccc6b8008931c557491
PKG_MAINTAINER:=Hauke Mehrtens <hauke@hauke-m.de> \
Peter Wagner <tripolar@gmx.at>
PKG_LICENSE_FILES:=LICENSE


@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dmidecode
PKG_VERSION:=3.2
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SAVANNAH/$(PKG_NAME)
@ -26,7 +26,7 @@ include $(INCLUDE_DIR)/package.mk
define Package/dmidecode
SECTION:=utils
CATEGORY:=Utilities
DEPENDS:=@(TARGET_x86||TARGET_x86_64)
DEPENDS:=@(TARGET_x86||TARGET_x86_64||TARGET_armsr_armv8)
TITLE:=Displays BIOS informations.
URL:=https://www.nongnu.org/dmidecode/
endef


@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=efibootmgr
PKG_VERSION:=18
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/rhboot/efibootmgr.git
@ -23,7 +23,7 @@ define Package/efibootmgr
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Application to modify the EFI Boot Manager
DEPENDS:=@TARGET_x86_64 +efivar +libpopt
DEPENDS:=@(TARGET_x86_64||TARGET_armsr_armv8) +efivar +libpopt
URL:=https://github.com/rhboot/efibootmgr
endef


@ -9,10 +9,10 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=qemu
PKG_VERSION:=8.0.2
PKG_VERSION:=8.1.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_HASH:=f060abd435fbe6794125e2c398568ffc3cfa540042596907a8b18edca34cf6a5
PKG_HASH:=541526a764576eb494d2ff5ec46aeb253e62ea29035d1c23c0a8af4e6cd4f087
PKG_SOURCE_URL:=http://download.qemu.org/
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=LICENSE tcg/LICENSE
@ -392,7 +392,7 @@ CONFIGURE_ARGS += \
--disable-docs \
--disable-fuse \
--disable-gcrypt \
--with-git-submodules=ignore \
--disable-download \
--disable-glusterfs \
--disable-gnutls \
--disable-guest-agent-msi \


@ -11,9 +11,9 @@ OpenWrt base build system decide flavor of fortify_source to use
--- a/configure
+++ b/configure
@@ -896,6 +896,8 @@ for opt do
@@ -823,6 +823,8 @@ for opt do
;;
--disable-vfio-user-server) vfio_user_server="disabled"
--gdb=*) gdb_bin="$optarg"
;;
+ --disable-fortify-source) fortify_source="no"
+ ;;


@ -32,9 +32,9 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
#endif /* CONFIG_LINUX */
#include "qemu/osdep.h"
@@ -29,6 +26,13 @@
#include <sys/vfs.h>
@@ -57,6 +54,13 @@ QemuFsType qemu_fd_getfs(int fd)
#endif
}
+#ifndef MAP_SYNC
+#define MAP_SYNC 0x0


@ -1,6 +1,6 @@
--- a/meson.build
+++ b/meson.build
@@ -3192,10 +3192,6 @@ subdir('common-user')
@@ -3451,10 +3451,6 @@ subdir('common-user')
subdir('bsd-user')
subdir('linux-user')
@ -11,7 +11,7 @@
# accel modules
tcg_real_module_ss = ss.source_set()
tcg_real_module_ss.add_all(when: 'CONFIG_TCG_MODULAR', if_true: tcg_module_ss)
@@ -3687,10 +3683,6 @@ subdir('scripts')
@@ -3945,10 +3941,6 @@ subdir('scripts')
subdir('tools')
subdir('pc-bios')
subdir('docs')


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=restic
PKG_VERSION:=0.16.1
PKG_VERSION:=0.16.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/restic/restic/tar.gz/v${PKG_VERSION}?
PKG_HASH:=31339090e3e8a044d014b9341c025cf59bf7bc133ae267bc5acdea5ac07837a9
PKG_HASH:=88165b5b89b6064df37a9964d660f40ac62db51d6536e459db9aaea6f2b2fc11
PKG_LICENSE:=BSD-2-Clause
PKG_LICENSE_FILES:=LICENSE